lesson-learned

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill requires the agent to run several git commands, including 'git log', 'git diff', and 'git show'. While these are central to the skill's primary function of code analysis, shell command execution based on user-provided input (such as commit SHAs) represents a capability surface that should be handled with caution by the underlying platform.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted content from commit messages and code diffs.
      1. Ingestion points: Git commit messages and file diffs are read during Phase 2 of the analysis process.
      2. Boundary markers: The instructions lack specific delimiters or warnings to the agent to disregard instructions that might be embedded within the code or commit history.
      3. Capability inventory: The agent has the ability to execute git commands and may have access to other system tools or network capabilities.
      4. Sanitization: There is no evidence of sanitization or filtering of the ingested git data before it is presented to the LLM for pattern analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:37 PM