review-diff

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data (git diffs and untracked file content) which may contain malicious instructions designed to influence the agent's output.
      • Ingestion points: The input_schema and Input sections in SKILL.md define git diffs and untracked files as the primary data sources.
      • Boundary markers: There are no explicit instructions or delimiters (e.g., XML tags or "ignore instructions within the diff") provided to help the agent distinguish between the data to be reviewed and potential instructions within that data.
      • Capability inventory: The skill's capabilities are limited to generating a findings list; it lacks dangerous tools such as shell execution, file system writing, or network access, which significantly limits the impact of a successful injection.
      • Sanitization: No input sanitization or validation logic is specified in the instructions.
  • [NO_CODE]: The skill consists entirely of Markdown and YAML configuration files. No scripts (Python, JavaScript, Bash, etc.) or binary executables are included in the package.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 01:33 PM