blast-radius
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git diff and gh pr diff to extract source code changes for analysis. It also utilizes gh pr comment to post findings back to the repository. These actions are standard for developer tools and are documented as part of the skill's normal operations.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted input from pull request descriptions, commit messages, and code diffs to summarize intent and identify impact.
- Ingestion points: Pull request descriptions, commit messages, linked issues, code diffs, and .tap/tap-audit.md.
- Boundary markers: There are no explicit delimiters or safety instructions provided to isolate untrusted data from the agent's core logic during analysis.
- Capability inventory: The skill performs read operations via git and grep and write operations via gh pr comment.
- Sanitization: No sanitization, escaping, or validation of the ingested PR content is performed before it is analyzed.
Audit Metadata