tasks-explain-diff
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted code changes and uses them to generate content for the Notion MCP without defensive boundaries.
  - Ingestion points: Code changes pointed to by the user or from conversation history (file: SKILL.md).
  - Boundary markers: Absent. The skill does not use delimiters to isolate user-provided code or provide instructions to the agent to ignore embedded commands.
  - Capability inventory: The skill utilizes the Notion MCP to create and format pages, allowing the agent to write content to a workspace.
  - Sanitization: Absent. There is no evidence of filtering or validation of the input code changes before they are processed.
- [NO_CODE]: The skill consists entirely of markdown instructions and YAML metadata, with no accompanying scripts or executable files.
Audit Metadata