cd-review
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like
git diffand file reading to inspect the workspace. These operations are essential for the tool's primary purpose of providing feedback on code changes and are conducted within the local context of the project.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted data (uncommitted code and diffs) that may contain adversarial instructions meant to manipulate the agent's review report.\n - Ingestion points:
SKILL.md(Step 1: Gather Context reads file contents andgit diffoutput)\n - Boundary markers: Absent (the prompt does not use delimiters to isolate untrusted data from instructions)\n
- Capability inventory: Shell access (
git) and file reading access\n - Sanitization: Absent (the skill does not filter the content of the files before analysis)
Audit Metadata