pr-message
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted input from commit messages and code changes.
- Ingestion points: Step 1 in
SKILL.mdinstructs the agent to 'Review the changes and commits on the branch'. - Boundary markers: The prompt lacks explicit delimiters or 'ignore' instructions to prevent the model from obeying commands embedded within the code or commit history being analyzed.
- Capability inventory: No dangerous capabilities detected; the skill only generates text and does not execute code, access files, or make network calls.
- Sanitization: No input sanitization or validation is implemented.
Audit Metadata