difit-dev
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `pnpm run dev` to initiate code reviews based on Git diffs. This involves running project-specific scripts to compare branches, commits, or uncommitted changes.
- [PROMPT_INJECTION]: The skill processes untrusted data, which creates a surface for indirect prompt injection.
  1. Ingestion points: The skill reads review comments from command output (stdout) and contents from Git diffs.
  2. Boundary markers: No specific delimiters or boundary markers are defined for the processed data.
  3. Capability inventory: The agent can execute local commands via `pnpm`.
  4. Sanitization: The skill provides specific instructions to the agent to avoid copying secrets, tokens, or credentials from the code diffs into the review comment system.
Audit Metadata