review-and-commit
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill checks for updates by fetching version information from the author's GitHub repository (https://raw.githubusercontent.com/abpai/skills/main/versions.json).
- [COMMAND_EXECUTION]: Core functionality relies on standard git commands for inspecting and staging changes. It also includes the 'npx skills' command for updating the skill itself.
- [PROMPT_INJECTION]: As the skill processes unvetted code via git diffs, an indirect prompt injection surface is present.
  1. Ingestion points: Outputs of git status and git diff in SKILL.md.
  2. Boundary markers: Absent; there are no specific markers to isolate processed code from instructions.
  3. Capability inventory: Execution of git and npx commands in SKILL.md.
  4. Sanitization: Absent; however, the workflow includes a mandatory human approval gate before any destructive or permanent actions (Step 6).
Audit Metadata