review
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run git commands (git diff, git log) to identify changes for review. This is the primary mechanism for the skill's functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from git diff outputs. An attacker could embed instructions in code changes that attempt to override the agent's behavior during the review.
- Ingestion points: Untrusted data enters the context through the output of git diff commands in SKILL.md.
- Boundary markers: There are no delimiters or specific instructions to the agent to ignore potential instructions within the code being reviewed.
- Capability inventory: Across all scripts, the agent has access to Bash, Read, Grep, and Glob tools, which provide significant control over the environment.
- Sanitization: No sanitization, escaping, or validation is performed on the code content before it is processed by the agent.
Audit Metadata