context-diff
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the codecontext package from the NPM registry. This is a standard and safe mechanism for executing Node.js developer utilities.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes repository code and annotations. Ingestion points: Files and annotations provided as arguments. Boundary markers: Absent. Capability inventory: Runs the codecontext command. Sanitization: None identified. This is a low-risk finding inherent to the skill's purpose.
Audit Metadata