performance-audit
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes 'git diff' to programmatically identify files changed in the current branch for targeted analysis. This is a standard and safe operation for developer-focused tools.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external, potentially untrusted project data. Ingestion points: Reads source files including PHP, JavaScript, CSS, and SQL from the local directory. Boundary markers: The instructions do not define explicit delimiters or ignore-behavior rules for processing instructions embedded within the codebase. Capability inventory: The skill has the ability to spawn a sub-agent via the Task() capability and execute shell commands for repository inspection. Sanitization: There is no explicit evidence of sanitization or validation for content read from files or for variables interpolated into the sub-agent prompt.
Audit Metadata