simplify
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it ingests and processes untrusted source code through git diffs. A malicious actor could embed instructions within code comments or logic to influence the agent's behavior.
  - Ingestion points: The skill uses `git diff` to ingest code changes for review in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish code data from the agent's operational instructions.
  - Capability inventory: The skill has the capability to write files ("Fix worthwhile issues directly") and execute arbitrary validation commands ("tests, lint, typecheck, or a targeted build step") as described in `SKILL.md`.
  - Sanitization: There is no evidence of sanitization or filtering of the ingested code content.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands for both scoping changes (`git diff`) and validating results (`tests`, `lint`, `build`). If the skill is used on a repository with malicious build configurations or test scripts, these commands could lead to local code execution.
Audit Metadata