adversarial-review

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and runs shell commands such as git diff, claude, codex, and just using user-provided variables BASE and SCOPE. While the instructions specify shell-safe techniques like bash arrays and printf %q quoting, the execution of commands based on user-controlled inputs remains a potential vulnerability surface.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted diff content. \n- Ingestion points: The output of git diff is directly interpolated into model prompts in SKILL.md (Phase 1). \n- Boundary markers: The skill uses markdown headers but lacks robust, unique delimiters or instructions to the model to ignore embedded commands within the diff. \n- Capability inventory: The orchestrating agent has the ability to execute shell commands and interact with network-enabled model CLIs. \n- Sanitization: There is no evidence of sanitization or filtering of the code diff before it is included in the prompt context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 02:33 PM
Security Audit — agent-trust-hub — adversarial-review