precommit-review

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes installation commands that point to a GitHub repository belonging to the author, Skarian. This is documented as a vendor-owned resource used for skill delivery.
  • [COMMAND_EXECUTION]: The skill instructions specifically forbid the agent from executing 'git commit' or other modification commands, ensuring the user remains in control of the final actions.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to read and process local source code and test files. Evidence: (1) Ingestion points: files within the local worktree; (2) Boundary markers: none; (3) Capability inventory: restricted to file reading with no network or subprocess execution enabled; (4) Sanitization: none. This surface is necessary for the skill's primary function of code analysis and is considered safe given the limited capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 01:36 AM