review-hygiene
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates shell commands to execute linters and formatters (e.g.,
npx eslint <files>) and produces fix commands (e.g.,auto: prettier --write <files>) for the orchestrator to run. These commands incorporate file paths and names derived from the repository (viagit difforgh pr diff), which could allow for command injection if filenames are maliciously crafted to include shell metacharacters. - [REMOTE_CODE_EXECUTION]: The skill instructions utilize
npx,cargo, andnpmto run or install tools. These utilities may download and execute code from public package registries (such as npmjs.com or crates.io) if the required versions are not cached locally, creating a dependency on the security of those external services. - [DATA_EXFILTRATION]: To perform its audit, the skill reads source code and pull request diffs. While no evidence of unauthorized external data transmission was found, the skill has broad access to potentially sensitive project information and processes it using various shell-based diagnostics.
- [PROMPT_INJECTION]: The skill processes untrusted input from the project environment, specifically pull request metadata and file contents. This data is used to populate templates and findings without explicit sanitization or boundary markers, creating a surface for indirect prompt injection that could influence the behavior of the orchestrator or subsequent skills.
Audit Metadata