audit-review

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs shell commands (git rev-parse, git diff) with variable parameters such as {BASE_SHA} and {HEAD_SHA}. If these commit identifiers are sourced from untrusted input or include shell metacharacters, they could enable arbitrary command execution on the host environment.
  • [PROMPT_INJECTION]: The template the-inspector-prompt.md is susceptible to indirect prompt injection where malicious instructions embedded in the input variables could override the agent's review task.
      • Ingestion points: Data enters the agent context through the {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} placeholders in the-inspector-prompt.md.
      • Boundary markers: The prompt template lacks delimiters (like triple quotes or XML tags) or explicit instructions to ignore any commands found within the provided data.
      • Capability inventory: The agent dispatched with this prompt has the capability to execute shell commands, specifically git diff and git diff --stat.
      • Sanitization: There is no evidence of input validation, escaping, or filtering for the data interpolated into the prompt template.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 06:23 AM