differential-review

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      1. Ingestion points: methodology.md (Phases 0, 1, and 4) and patterns.md read untrusted code, diffs, and PR metadata.
      2. Boundary markers: Absent; no delimiters separate instructions from data.
      3. Capability inventory: methodology.md and reporting.md use Bash for shell operations and Write for file creation across the analysis workflow.
      4. Sanitization: Absent; the skill does not specify validation or filtering for code content before processing.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute repository analysis commands including git, find, grep, and gh as specified in methodology.md. It also facilitates the execution of external skills like audit-context-building and issue-writer as noted in the Integration section of SKILL.md.
  • [EXTERNAL_DOWNLOADS]: Fetches pull request information from GitHub via the gh CLI tool during the triage phase in methodology.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 10:36 PM