get-git-diff
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted content from git diffs and commit messages to generate summaries and risk assessments. This content could contain malicious instructions designed to manipulate the agent's output or subsequent actions.\n
- Ingestion points:
scripts/commit_info.sh,scripts/diff_stats.sh, andscripts/file_operations.shall ingest data fromgitcommands which reflect repository content.\n - Boundary markers: The skill uses
templates/output_template.mdwhich wraps diff content in triple-backtickdiffblocks to isolate it from the rest of the report.\n - Capability inventory: The skill writes analysis reports to the
/claudedocs/directory and performs automated 'Risk Assessment' based on detected patterns.\n - Sanitization: No explicit sanitization or filtering of the diff content is performed before it is included in the output report.\n- Data Exposure (LOW): The file categorization logic in
scripts/file_operations.shexplicitly checks for and counts sensitive files such as.envand configuration files. While intended for categorization, this behavior can increase the visibility of sensitive files if they are accidentally part of a diff being analyzed.
Audit Metadata