rules-review
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git diff` and `git rev-parse` commands using commit identifiers derived from user input. While user-supplied strings are interpolated into these commands, the tool access is restricted by the platform's manifest to these specific subcommands, limiting potential misuse.
- [PROMPT_INJECTION]: The skill processes repository content (rules and code diffs) and incorporates it into prompts for secondary agents, representing an indirect prompt injection surface.
  - Ingestion points: Local rule files read from `.claude/rules/` and `git diff` output.
  - Boundary markers: The skill uses Markdown section headers (e.g., `## Rules to Check`, `## Diff to Review`) to isolate untrusted content from the reviewer instructions.
  - Capability inventory: Sub-agents are scoped strictly to generating textual compliance reports and do not have access to sensitive tools or external networks.
  - Sanitization: No explicit sanitization or instruction filtering of the ingested content is performed before it is passed to the sub-agents.