Skills
skills/metta-ai/tribal-village/review-main/Gen Agent Trust Hub

review-main

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes standard Git commands (git merge-base, git diff) to identify changes between branches. These are restricted to local repository operations and are consistent with the skill's stated purpose.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from git diff output.
  • Ingestion points: The content of files being reviewed via git diff is fed directly into the agent's context.
  • Boundary markers: None specified in the workflow to separate code content from instructions.
  • Capability inventory: The agent performs analysis and reporting based on the ingested code; while it doesn't have destructive capabilities listed, the review output could be biased by malicious comments in the code.
  • Sanitization: No sanitization or filtering of the diff content is performed before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 12:29 AM