find-bugs
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git diff and gh repo view to retrieve code changes and branch information. These operations are standard for a code auditing tool.
- [PROMPT_INJECTION]: The skill processes untrusted code changes from a local branch, creating a surface for indirect prompt injection.
- Ingestion points: Retrieves code diffs and file contents using Git (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters to separate the agent's instructions from the code being reviewed.
- Capability inventory: The skill's capabilities are limited to analysis and reporting findings; it does not perform file writes, remote code execution, or data exfiltration.
- Sanitization: No sanitization is applied to the code content before analysis.
Audit Metadata