Skills
skills/lum1104/understand-anything/understand-diff/Gen Agent Trust Hub

understand-diff

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to inspect the git repository and search the knowledge graph.
  • Evidence: SKILL.md (Step 2) uses git diff --name-only and git diff main...HEAD --name-only to identify changes.
  • Evidence: SKILL.md (Steps 3, 4, 5, and 6) uses grep to parse the .understand-anything/knowledge-graph.json file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external sources (git diffs and JSON metadata) into the agent context.
  • Ingestion points: SKILL.md (Steps 2, 4, and 5) retrieve content from git diff output and node summaries in .understand-anything/knowledge-graph.json.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions to isolate untrusted data from the system prompt.
  • Capability inventory: The skill has the ability to execute shell commands (git, grep) and write files (.understand-anything/diff-overlay.json).
  • Sanitization: Absent. The skill does not validate or sanitize the content of file paths, commit messages, or node summaries before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 12:02 PM