review
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands, specifically `git diff`, to retrieve code changes and uses file globbing patterns to identify target files for analysis. These commands are necessary for the skill's primary function as a code reviewer.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (source code and project configuration files) without sufficient isolation.
  - Ingestion points: The agent reads the content of files, git hunks, and configuration files (e.g., `CLAUDE.md`, `.eslintrc`, `pyproject.toml`) defined in Step 1 and Step 2 of `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate natural language instructions that might be contained within the code or comments it is analyzing.
  - Capability inventory: The skill has the capability to read any file in the repository and execute `git` commands.
  - Sanitization: No sanitization or content filtering is performed on the data ingested from the filesystem before the agent performs its multi-pass analysis.