difit-review
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
difitCLI tool to process diffs and launch a viewer. This involves running shell commands with arguments derived from user input and agent-generated review findings. - [DATA_EXFILTRATION]: The skill's workflow involves uploading code diffs and review comments to an external service (difit) to generate a shareable URL. Users should be aware that sensitive code content from local repositories or private PRs is transmitted to this external platform.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted data from external sources (git diffs, GitHub PRs, patch files) to generate review comments.
- Ingestion points: Local git revisions, GitHub PR URLs, and patch files (referenced in SKILL.md).
- Boundary markers: Absent. There are no instructions to use delimiters or to ignore potential instructions embedded within the code being reviewed.
- Capability inventory: Executes the
difitshell command with potentially large JSON payloads in the--commentflag (referenced in SKILL.md). - Sanitization: Absent. Review findings are interpolated directly into command arguments without explicit sanitization or filtering of the source content.
Audit Metadata