review

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various CLI tools, including git, gh (GitHub CLI), jq, delta, and difftastic, via the Bash tool to inspect repository state and analyze diffs. Several commands in SKILL.md, specifically gh pr diff $PR_NUMBER --patch and git diff $BASE_BRANCH...HEAD, use unquoted shell variables, which could lead to command injection if malicious arguments are provided to the skill.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests untrusted code from external sources and passes it to sub-agents with write and task-creation capabilities.
    • Ingestion points: Untrusted source code retrieved via git diff and gh pr diff, and project configuration files such as package.json, .eslintrc, and GitHub workflow files.
    • Boundary markers: The skill does not implement explicit boundary markers or isolation instructions to prevent the sub-agents from executing instructions that might be embedded within the code being reviewed.
    • Capability inventory: The skill leverages Bash (subprocess calls), Edit and Write (file-write capabilities for applying fixes), and TaskCreate (integration) as documented in SKILL.md.
    • Sanitization: No sanitization, escaping, or validation of the code content or project metadata is performed before the data is processed by the AI agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:30 AM