diff-summary

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx ai-diff-summary to fetch and execute code from the npm registry. The package originates from 'LXGIC Studios', which is not a verified or trusted organization in this context.
  • [REMOTE_CODE_EXECUTION]: By using npx, the skill triggers the execution of remote scripts downloaded at runtime from the npm registry.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution (npx) to interact with the local git environment and generate summaries.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes git diffs, which are external, potentially attacker-controlled data sources. Malicious instructions embedded in code changes (e.g., within comments or strings) could influence the LLM's summary output.
      • Ingestion points: Git staged changes, commit history, and branch comparisons.
      • Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands in the diff content.
      • Capability inventory: Reads git repository data and generates text summaries via an LLM.
      • Sanitization: No documentation of sanitization or filtering of the diff content before it is processed by the AI.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 02:04 PM