embedded-cross-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled shell script scripts/prepare-diff.sh to interact with the local filesystem and git environment. This script extracts repository metadata, detects hardware platforms, and gathers the code diff for review. This is an intended local operation necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests untrusted code changes from processed repositories and interpolates them into analysis prompts.
  - Ingestion points: Git diff output and repository metadata collected from the local environment (SKILL.md, Phase 0).
  - Boundary markers: None identified; the diff content is directly included in the prompt context without protective delimiters or instructions to ignore embedded commands.
  - Capability inventory: Execution of local shell scripts and analysis using multiple AI agents.
  - Sanitization: No validation or sanitization is performed on the ingested code diffs before inclusion in the review prompts.