review-implementation

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions involve reading git metadata (refs, ranges, and diffs). It explicitly restricts these operations to a 'READ-ONLY' mode, forbidding state-mutating actions such as 'git checkout', 'git reset', or checking out branches. This constrained use of system tools for data retrieval is a standard and safe operational pattern.
  • [PROMPT_INJECTION]: The skill processes untrusted data from implementation references (git diffs) and specifications (markdown files), which constitutes an indirect prompt injection surface.
      • Ingestion points: External data enters the context through git diff text and specification files (spec.md).
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to wrap external content.
      • Capability inventory: Skill capabilities are limited to reading local files and writing markdown reports to the implementation/reviews/ folder.
      • Sanitization: No explicit sanitization or filtering of the ingested content is defined.
  • [SAFE]: The skill demonstrates safe behavior by emphasizing read-only inspection of implementation artifacts and strictly prohibiting any mutations to the git state or source code during the review process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jul 1, 2026, 07:34 AM