code-review
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from user files and git diffs. Maliciously crafted instructions in these inputs could potentially influence agent behavior.
- Ingestion points: File/Directory Review and Git Diff Review sections in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Reading files and executing 'git diff'.
- Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill requires the agent to execute 'git diff' to analyze code changes.
- [EXTERNAL_DOWNLOADS]: The evaluation report (report.html) loads the SheetJS library from a well-known CDN for rendering data.
Audit Metadata