gcm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill ingests untrusted data from staged code changes which could contain malicious instructions designed to manipulate the agent's output or behavior.
- Ingestion points: git diff --cached and git log commands in SKILL.md ingest external code and commit history content.
- Boundary markers: Absent. No explicit instructions are provided to the agent to delimit or ignore instructions found within the diff content.
- Capability inventory: Subprocess execution of git status, git diff, and git log in SKILL.md.
- Sanitization: Absent. No filtering or escaping of the diff output is performed before processing.
- [COMMAND_EXECUTION] (SAFE): Use of shell commands is restricted to standard Git inspection tools (git status, git diff, git log) required for the skill's primary functionality.
Audit Metadata