pr-summary-cn

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directly interpolates the ${ARGUMENTS} variable into shell commands for git log and git diff. If a user or an upstream process provides a branch name containing shell metacharacters (e.g., ;, &&, |), it could lead to arbitrary command execution within the agent's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from git history and code diffs.
      • Ingestion points: The skill reads content from git log (commit messages) and git diff (source code changes) which may be authored by external parties.
      • Boundary markers: None present; the untrusted content is mixed directly with instructions to the LLM.
      • Capability inventory: The skill has access to the Bash tool with git permissions.
      • Sanitization: There is no validation or sanitization of the content retrieved from git before it is presented to the model for summarization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 08:18 AM