diffity-resolve
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using the diffity CLI tool to list, comment, reply, resolve, and dismiss review threads. These commands are integral to the skill's purpose of managing code reviews.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to install the diffity package globally via npm install -g diffity if the command is not found. This download is from a package registry to install the primary tool required for the skill's functionality.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it retrieves and acts upon instructions contained within external review comments.
  - Ingestion points: Untrusted data enters the agent context through the JSON output of the diffity agent list --status open --json command, specifically from the body field of comments.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to treat the comment body as untrusted data, increasing the risk that the agent might follow malicious instructions embedded in a comment.
  - Capability inventory: The agent has permissions to read local files, modify code using the Edit tool, and execute various diffity CLI subcommands.
  - Sanitization: No sanitization, filtering, or validation is performed on the comment content before the agent interprets it as a set of instructions for code modification or CLI interaction.