stage-chapters
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the stagereview and git command-line tools to process local repository data and present the final review output.
- [EXTERNAL_DOWNLOADS]: User instructions include installing the stagereview package from the NPM registry, which is a resource associated with the skill's author.
- [PROMPT_INJECTION]: The skill processes external content from git hunks and commit messages, which presents an indirect prompt injection surface.
- Ingestion points: Git diff hunks and commit messages are read from a temporary file generated during the preparation step.
- Boundary markers: No specific delimiters or warnings are used to prevent the agent from following instructions that might be embedded in the code diffs or commit messages.
- Capability inventory: The agent has the capability to execute shell commands and write to temporary files as part of its core functionality.
- Sanitization: The input data is analyzed directly without explicit sanitization or filtering of potential injection patterns.
Audit Metadata