simplify
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted repository data (git diffs) and using it to guide automated actions.\n
- Ingestion points: File content changes are read via
git diffin Phase 1 and 2 and passed to sub-agents.\n - Boundary markers: Instructions do not specify the use of clear delimiters or markers to isolate core instructions from the untrusted diff data.\n
- Capability inventory: The skill has permissions to read the filesystem, modify source code, and execute the local test suite.\n
- Sanitization: No sanitization or escaping of the diff content is mentioned before it is interpolated into prompts.\n- [COMMAND_EXECUTION]: The skill executes local shell commands as part of its operational workflow.\n
- Evidence: The skill uses
git difffor change identification and is instructed to run the project's test suite to verify code changes in Phase 3.
Audit Metadata