Skills
skills/jezweb/vite-flare-starter/git-diff-summariser/Gen Agent Trust Hub

git-diff-summariser

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified in the skill instructions or script.
  • [COMMAND_EXECUTION]: The skill executes a bundled local shell script (scripts/count.sh) using the run_skill_script tool to process diff metadata.
  • Evidence: The script uses standard Unix utilities (grep, printf) to count additions and deletions and handles input safely via standard input.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from user-provided git diffs, which creates a surface for indirect prompt injection.
  • Ingestion points: Diff content provided by the user in the prompt or read via fs_read from local .diff or .patch files.
  • Boundary markers: Absent; there are no specific instructions to the agent to treat diff content as untrusted or to use delimiters to prevent instruction following within the diff.
  • Capability inventory: The skill has access to read local files (fs_read) and execute its bundled statistics script.
  • Sanitization: None; the agent is instructed to read the raw diff content directly to formulate its response.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:58 AM
Security Audit — agent-trust-hub — git-diff-summariser