review-staged-changes
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing external data.
- Ingestion points: The skill ingests untrusted data from the local repository using
git diff --cachedas described inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions (e.g., XML tags or clear-text warnings) to tell the agent to ignore potential instructions embedded within the code diffs.
- Capability inventory: The skill is limited to read-only git operations and does not have capabilities for network communication, file writing, or arbitrary command execution.
- Sanitization: No sanitization or filtering is applied to the diff output before it is processed by the agent.
Audit Metadata