Skills
skills/duc01226/easyplatform/branch-comparison/Gen Agent Trust Hub

branch-comparison

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard git operations (git diff, git log) to perform branch comparisons. These commands are static and used according to the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection attack surface:
  • Ingestion points: Untrusted data enters the agent context through the output of git diff, git log, and the content of source code files being analyzed.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its operational instructions and the potentially malicious data contained within code comments or commit messages.
  • Capability inventory: The agent has broad capabilities including Bash command execution, Write, and Edit file operations across the repository.
  • Sanitization: The skill does not implement sanitization or validation of the external content before it is processed by the technical analyst persona.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 09:18 AM
Security Audit — agent-trust-hub — branch-comparison