differential-review
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted code changes, creating a surface for indirect prompt injection. * Ingestion points: Ingests git history, code diffs, and PR metadata. * Boundary markers: No delimiters or safety warnings are specified to isolate untrusted code. * Capability inventory: Capability to write report files and execute the issue-writer command. * Sanitization: No mention of sanitizing the content of the code changes.
- [COMMAND_EXECUTION]: The skill integrates with external tools by executing shell commands. * Evidence: Mentions execution of issue-writer for report generation.
Audit Metadata