endor-review
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git diffcommands to identify changed files and retrieve code for analysis. This is a core component of its intended functionality for reviewing code changes. - [PROMPT_INJECTION]: There is a surface for indirect prompt injection because the skill ingests untrusted data from
git diffoutputs. Malicious code or comments within the diff could theoretically attempt to influence the agent's summary or final verdict. 1. Ingestion points: Untrusted code changes gathered viagit diff. 2. Boundary markers: None explicitly defined to isolate the diff data from instructions. 3. Capability inventory: Invokes analysis viascanandsecurity_reviewtools. 4. Sanitization: No explicit sanitization or filtering of the diff content is mentioned before processing.
Audit Metadata