Skills
skills/akindu23/my-agent-skills/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted content from git diffs and external specification files, passing them to subagents without using delimiters or instructions to ignore embedded commands.
  • Ingestion points: SKILL.md processes output from git diff and git log, as well as the content of various documentation files (specs, standards).
  • Boundary markers: The prompts generated for the 'Standards' and 'Spec' subagents lack clear boundary markers or instructions to treat the diff/spec content as data rather than instructions.
  • Capability inventory: The skill executes git commands via tool calls and spawns generalPurpose subagents which may have access to further tools.
  • Sanitization: No sanitization or escaping of the diff content or document text is performed before interpolation into the subagent prompts.
  • [COMMAND_EXECUTION]: The skill invokes shell commands including git diff and git log. These are used appropriately for the skill's stated purpose of reviewing code changes, but they involve passing user-provided strings (the 'fixed point' baseline) directly to the git CLI.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:13 PM
Security Audit — agent-trust-hub — review