code-review
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to retrieve git information for code analysis. These commands are limited to repository metadata and diffs. Evidence in SKILL.md: git status, git diff HEAD~1, git log --oneline -5, and git branch --show-current.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted code changes that could contain adversarial instructions.
  - Ingestion points: SKILL.md (via git diff output).
  - Boundary markers: Absent.
  - Capability inventory: SKILL.md (read-only git operations).
  - Sanitization: Absent.
Audit Metadata