kind-senior-developer
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (MEDIUM): The skill constructs shell commands (git show, git log, gh pr diff) using user-provided arguments such as commit hashes and PR numbers. This presents a command injection risk if the inputs are not properly sanitized by the underlying agent platform.
- [Data Exposure] (MEDIUM): The capability to read arbitrary file paths allows the agent to access sensitive files outside of the intended project scope (e.g., ~/.ssh/id_rsa), as no path validation or sandboxing is specified in the execution flow.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from git diffs and file contents which could contain malicious instructions. Ingestion points: File reads and git/gh command outputs in SKILL.md. Boundary markers: Absent; no delimiters or warnings are used to separate analysis logic from the data being analyzed. Capability inventory: Subprocess calls for git/gh and file-read operations. Sanitization: Absent; the skill directly processes and explains the retrieved content.
Audit Metadata