aif-qa
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill follows best practices for its intended purpose of software quality assurance.
- [COMMAND_EXECUTION]: Employs restricted shell commands (git and mkdir) to perform version control operations and organize output artifacts. Activity is bounded by user prompts for large commit counts or diff sizes.
- [EXTERNAL_DOWNLOADS]: Utilizes git fetch to synchronize with remote repositories for comparing branches. This is a standard operation within well-known development environments.
- [PROMPT_INJECTION]: Ingests untrusted data through git diff, git log, and file reads (SKILL.md Step 0.1, Step 1, Step 2). While it lacks explicit sanitization, it uses structured boundary markers via markdown templates and restricts capabilities to localized artifact writing and git operations.
Audit Metadata