change-pack
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local `git` commands such as `git diff` and `git log` to extract information from the current repository. This is part of the core functionality but involves executing shell-level commands.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the repository's history and current state.
  1. Ingestion points: The `rules/change-pack.md` file specifies that content is read from `git diff` and `git log` to create a `DIFF_CONTEXT`.
  2. Boundary markers: Absent; there are no instructions or delimiters provided to the agent to distinguish between valid code changes and potential malicious instructions embedded within the diff text.
  3. Capability inventory: The agent uses extracted data to generate branch names, commit messages, and PR descriptions, which could be manipulated by adversarial content in the diff.
  4. Sanitization: Absent; the skill summarizes the raw input into a structured context without filtering for potential prompt injection patterns.
Audit Metadata