diff-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the local environment and git repository.
- Commands include
git,awk,wc, andcatfor data extraction and report generation. - The
catcommand is used to write the final review report to a local file in the current working directory. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted input from code diffs.
- Ingestion points: Git diff output is parsed in
SKILL.mdand passed to AI reviewers. - Boundary markers: No explicit delimiters or instructions are used in
reviewers/gemini-role.md,reviewers/codex-role.md, orreviewers/claude-role.mdto prevent the AI from obeying instructions embedded in the code being reviewed. - Capability inventory: The skill can execute shell commands and write files locally via
SKILL.md. - Sanitization: There is no evidence of sanitization or filtering of the diff content before it is included in the prompts.
Audit Metadata