Skills
skills/kamranahmedse/diffity/diffity-diff/Gen Agent Trust Hub

diffity-diff

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands for verifying the presence of and launching the diffity CLI. It also executes diffity list --json to retrieve session information.
  • [EXTERNAL_DOWNLOADS]: The skill automates the global installation of the diffity package from the npm registry if the tool is not found on the system.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes repository diffs, which are untrusted external data.
  • Ingestion points: Local repository changes and code diffs (SKILL.md).
  • Boundary markers: None present to delimit diff content from agent instructions.
  • Capability inventory: Use of the bash tool to execute CLI commands and manage the diff viewer process.
  • Sanitization: No evidence of sanitization or validation of the diff content before it is processed or displayed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:41 PM