diffity-tour
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the `diffity` package globally (`npm install -g diffity`) if it is not present on the system. This package is the central tool required for the skill to function and is provided by the skill's author.
- [COMMAND_EXECUTION]: The skill relies on executing various `diffity` CLI subcommands (including `tour-start`, `tour-step`, `tour-done`, and `list`) to create and manage guided tours. It also utilizes system commands like `which` to verify dependencies and `open` to launch the resulting tour in a web browser, and it initiates background processes using `diffity tree --no-open`.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection.
  1. Ingestion points: The agent is instructed to read and analyze local source code files to understand features before creating tour steps.
  2. Boundary markers: There are no specific instructions or delimiters provided to prevent the agent from following malicious instructions that might be embedded in the analyzed code or documentation.
  3. Capability inventory: The agent possesses the capability to execute shell commands with arguments (narratives) derived from the analyzed code content.
  4. Sanitization: The skill lacks instructions for sanitizing or escaping content extracted from the codebase before it is used in CLI command arguments.