review-style-guide
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute Git commands using the Bash tool with user-provided arguments. This creates a potential command injection vector if the arguments are not validated before execution.
- [PROMPT_INJECTION]: The skill processes external, untrusted content from style guides and code changes, creating a surface for indirect prompt injection where malicious instructions in files could influence the agent.
  * Ingestion points: Style guide files (e.g., STYLE_GUIDE.md, CLAUDE.md) and git diff output.
  * Boundary markers: No delimiters or ignore instructions for embedded content are provided.
  * Capability inventory: Tools include Bash, Read, Grep, and Glob.
  * Sanitization: None implemented within the skill logic.