skills/jmmarotta/skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using tools like git and gh to retrieve code diffs and repository metadata. This behavior is necessary for the skill's purpose but involves local command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and analyzes content from external, untrusted sources such as code diffs and pull request descriptions.
      ◦ Ingestion points: Untrusted data enters the context through git diff, git show, and gh pr diff outputs.
      ◦ Boundary markers: The skill does not define explicit delimiters or instructions for the agent to ignore potentially malicious content within the diffs.
      ◦ Capability inventory: The agent has the capability to execute version control and CLI commands which could be targeted by injected instructions.
      ◦ Sanitization: There is no mention of sanitizing or validating the content of the diffs before they are processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 09:57 AM