skills/entireio/skills/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from the repository being reviewed, including git diffs and commit trailers. This content is used to inform the agent's review logic and is interpolated into CLI commands, which represents an indirect prompt injection surface. The workflow lacks explicit boundary markers or sanitization for these external inputs before they are passed to the agent or the CLI, allowing malicious repository content to influence agent behavior or command execution.
  • [COMMAND_EXECUTION]: The skill workflow involves executing several shell commands using git and the entire CLI. Specifically, checkpoint IDs extracted from git commit messages are passed as arguments to the entire explain command. There is no explicit sanitization step for these IDs, which could be exploited for command injection if a repository contains malicious commit trailers.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the entire CLI tool, which is a vendor-provided utility from 'entireio'. It uses this tool to retrieve session metadata and developer intent for more accurate code audits. This dependency is consistent with the skill's stated purpose and author context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 05:31 PM
Security Audit — agent-trust-hub — review