code-review-uncommitted
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes standard git commands including 'git diff', 'git diff --cached', and 'git status --short' to gather change information. These are read-only operations necessary for the skill's functionality.
- PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from git diffs and project files like 'CLAUDE.md' or 'AGENTS.md'. A malicious user or file could embed instructions to manipulate the subagent reviews. However, since the skill's capabilities are restricted to text-based reporting and do not include file-writing or network operations, the risk is categorized as low.
- DATA_EXPOSURE (INFO): The skill reads local project files and the global user configuration at '~/.claude/CLAUDE.md'. While this involves accessing sensitive configuration data, it is localized within the user's environment and no external exfiltration patterns were detected.
Audit Metadata