diffx-finish-review

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Finding Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with a local API endpoint on localhost. This is used to fetch and update the status of code review comments.
  • [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection vulnerability surface because it processes untrusted data from an external source (the diffx API) and instructs the agent to follow instructions contained within that data.
  • Ingestion points: Comments are fetched from http://localhost:<port>/api/comments as defined in SKILL.md.
  • Boundary markers: The skill lacks delimiters or explicit instructions to treat the comment body as non-executable text, which could lead the agent to follow malicious instructions embedded in a code review comment.
  • Capability inventory: The agent is directed to read local files, apply arbitrary changes to those files (write access), and make local network requests.
  • Sanitization: There is no evidence of sanitization or validation of the body field from the API response before it is used to guide the agent's file modification actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 01:51 AM