find-bugs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes external content that could contain malicious instructions.
  - Ingestion points: Data enters the agent context via git diff master...HEAD and subsequent file reads in Phase 1.
  - Boundary markers: Absent. The skill lacks instructions to delimit the diff content or ignore embedded instructions within the code being reviewed.
  - Capability inventory: The agent performs a high-trust 'Security Review' task; if compromised via injection, it could hide critical vulnerabilities or mislead the user.
  - Sanitization: None. The skill does not sanitize or escape the content of the diffs before analysis.
- COMMAND_EXECUTION (LOW): The skill executes local commands (git diff) to gather data. While standard for this utility, any vulnerability in the underlying tool or unusual environment configurations could be exploited if the branch name or git output is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata