review
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it must ingest and analyze untrusted code content from the local workspace.
  - Ingestion points: `SKILL.md` directs the agent to read `git diff` output and the full contents of modified files.
  - Boundary markers: The skill does not implement delimiters or specific instructions to ignore embedded commands within the code being reviewed.
  - Capability inventory: The agent can execute `git` commands and is instructed to run project-specific quality checks like linters and tests.
  - Sanitization: No sanitization or validation of the ingested code content is performed.
- [COMMAND_EXECUTION]: The skill executes shell commands as part of its core workflow.
  - It uses `git diff` to collect context.
  - It directs the agent to execute arbitrary tools defined in the local project environment (e.g., lint, type, tests), which could be a risk if the project configuration is compromised.
Audit Metadata