self-review-diff
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via repository-local configuration files.
  - Ingestion points: The agent is instructed to read AGENTS.md files from the repo root and subdirectories to determine lint, test, and review behavior. It also references "local guidance" and "repo conventions" (SKILL.md).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the ingested configuration files are provided.
  - Capability inventory: The skill can execute arbitrary shell commands (via git, bash, gt, and discovered lint/test tools), edit files, and create/amend commits.
  - Sanitization: No sanitization or validation of the commands extracted from AGENTS.md or other local guidance is mentioned before execution.
- [COMMAND_EXECUTION]: The skill executes a wide range of shell commands based on findings and repository configuration.
  - Evidence: Extensive use of git, gt, rg, and "repo-specific lint and test tools" discovered at runtime. While these are intended for development, their dynamic discovery from untrusted source code increases the risk of command injection or unintended execution.
Audit Metadata