commit

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | NO_CODE | PROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill package consists only of markdown documentation and metadata; no executable scripts, configuration files, or implementation logic were provided for analysis.
  • [PROMPT_INJECTION]: The skill's core functionality involves analyzing external code changes, which creates a surface for indirect prompt injection.
      1. Ingestion points: Code changes and file diffs processed by the analyze and create commands described in SKILL.md.
      2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the documentation.
      3. Capability inventory: Commands defined in SKILL.md perform git analysis and repository commits.
      4. Sanitization: No sanitization or validation of the input code changes is mentioned in the documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:58 AM