review
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the use of git commands such as
git diff --cachedandgit diffto access source code. These operations are local and consistent with the skill's purpose of reviewing code changes. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted source code.
- Ingestion points: Code is ingested via
git diffand file reading (SKILL.md). - Boundary markers: There are no explicit delimiters or boundary markers defined to isolate user code from the agent's instructions.
- Capability inventory: The skill utilizes local file system and git read capabilities. It does not possess network or file-write capabilities in its defined process.
- Sanitization: No sanitization of ingested code content is performed.
Audit Metadata