review-order
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands (diff, log, status) to identify changes between branches. These operations are standard for development workflows and are properly scoped within the
allowed-toolsconfiguration. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted content from repository files during the review process. Although a malicious file could attempt to influence the agent's output, the skill's instructions strictly enforce a rigid, descriptive format ("one short clause per bullet", "no suggestions", "state facts only") which effectively prevents the agent from executing or obeying instructions embedded in the code being analyzed.
- Ingestion points: Reads
git diffoutput and file contents (Step 1 and 2 in instructions). - Boundary markers: None explicitly defined for ingestion; however, the output format is heavily constrained.
- Capability inventory: Uses
Bash(git tools),Read,Grep, andGlob. - Sanitization: No specific sanitization of file content is performed, but the output structure acts as a natural constraint.
Audit Metadata