skill-review
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes uncommitted code changes that may contain adversarial instructions.
- Ingestion points: Content from SKILL.md, README.md, and reference files is read into the agent's context using the Read tool and git diff commands.
- Boundary markers: There are no delimiters or specific instructions to treat the file content as passive data, allowing embedded instructions to potentially influence the agent's logic.
- Capability inventory: The agent has the authority to modify files using the Edit tool and execute git commands via Bash.
- Sanitization: No content validation or sanitization is performed on the ingested data before it is passed to the review process.
Audit Metadata