skills/sirn/dotfiles/code-explain/Gen Agent Trust Hub

code-explain

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the command jj diff -s to retrieve information about code changes within the local repository.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes WebSearch and WebFetch capabilities to retrieve documentation for libraries and frameworks from external web sources.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from local code files and diff outputs.
      • Ingestion points: Local source code files, output from jj diff -s, and content retrieved via WebFetch (SKILL.md, SUBAGENT.md).
      • Boundary markers: None identified; there are no explicit instructions to the model to ignore instructions embedded within the files being analyzed.
      • Capability inventory: The skill can read local files, execute shell commands (jj), access the internet (WebSearch/WebFetch), and spawn subagents (SUBAGENT.md).
      • Sanitization: No evidence of sanitization or filtering of the ingested code content before processing.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 18, 2026, 11:49 AM