branch-review-before-pr
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the
git diffoutput it processes in Step 3 and Step 4. Because the agent is instructed to read the full content of the diff and apply a checklist, malicious instructions embedded in code comments or string literals within the branch being reviewed could influence the agent's behavior. This could lead to the agent suppressing legitimate security findings or suggesting malicious code 'fixes'. - Ingestion points: The skill fetches external data using
git diff origin/main(Step 3). - Boundary markers: Absent. The instructions do not define clear delimiters for the diff content or warn the agent to ignore instructions contained within it.
- Capability inventory: The skill has the capability to modify local files in Step 5 (apply recommended fixes).
- Sanitization: Absent. There is no pre-processing or filtering of the diff content before analysis.
- [COMMAND_EXECUTION]: The skill executes several shell commands to interact with the git repository (
git branch,git fetch,git diff). These are standard operations for the skill's stated purpose of reviewing code branches and do not involve the execution of unverified remote scripts.
Audit Metadata