Skills
skills/doccker/cc-use-exp/cc-review/Gen Agent Trust Hub

cc-review

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git commands such as git diff, git show, and git rev-parse to perform its primary function of code analysis. These commands are executed using user-provided parameters (commit hashes), which is expected behavior for a developer tool.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data from git command outputs. Mandatory Evidence Chain: 1. Ingestion points: Results from git diff, git show, and git log commands are processed in SKILL.md. 2. Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands within the code being reviewed. 3. Capability inventory: The skill performs local shell execution of git commands. 4. Sanitization: No sanitization or validation of the content of the repository data was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 02:10 AM
Security Audit — agent-trust-hub — cc-review