refining
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality requires processing untrusted data from code repositories.
- Ingestion points: The skill reads output from
git diff,git log, and repository source files as seen inSKILL.mdand the impact analysis workflow. - Boundary markers: No explicit delimiters or instructions are used to distinguish the analyzed code from the agent's logic, which could allow malicious code comments to influence the agent's output.
- Capability inventory: The agent has the capability to write back to the repository and external hosting platforms using
git commit,gh pr create, andglab mr create. - Sanitization: There are no instructions to sanitize or validate the content of code diffs before incorporating them into generated commit messages or PR descriptions.
Audit Metadata