review-implementation
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions involve reading git metadata (refs, ranges, and diffs). It explicitly restricts these operations to a 'READ-ONLY' mode, forbidding state-mutating actions such as 'git checkout', 'git reset', or checking out branches. This constrained use of system tools for data retrieval is a standard and safe operational pattern.
- [PROMPT_INJECTION]: The skill processes untrusted data from implementation references (git diffs) and specifications (markdown files), which constitutes an indirect prompt injection surface.
- Ingestion points: External data enters the context through git diff text and specification files (spec.md).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to wrap external content.
- Capability inventory: Skill capabilities are limited to reading local files and writing markdown reports to the implementation/reviews/ folder.
- Sanitization: No explicit sanitization or filtering of the ingested content is defined.
- [SAFE]: The skill demonstrates safe behavior by emphasizing read-only inspection of implementation artifacts and strictly prohibiting any mutations to the git state or source code during the review process.
Audit Metadata