Verification: Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git operations (git diff, git log) and test runners (pytest, npm) for codebase analysis.
- [EXTERNAL_DOWNLOADS]: The workflow invokes dependency audit tools (pip-audit, npm audit) which fetch vulnerability data from official package registries.
- [PROMPT_INJECTION]: The skill processes external data from file diffs and tool logs, which constitutes an indirect prompt injection surface (Category 8). This is inherent to the tool's diagnostic purpose and is mitigated by nuanced grading rubrics and human-in-the-loop verification requirements.
Audit Metadata