review
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run local commands such asgit difffor change analysis,grepfor identifying component IDs in workflow files, andruff(via theuvtool) for automated code linting and formatting checks. - [PROMPT_INJECTION]: As the skill is designed to ingest and analyze untrusted code from pull requests or local files, it possesses an indirect prompt injection attack surface.
- Ingestion points: Reads and processes source code files and directories specified by the user or identified via
git diff(SKILL.md, Section 1). - Boundary markers: There are no specific delimiters or instructions to ignore embedded directives within the code being analyzed.
- Capability inventory: Utilizes
Bashfor shell command execution and may use MCP tools to query external telemetry databases. - Sanitization: The skill does not perform sanitization or filtering of the code content before analysis, relying on the model's inherent ability to distinguish between code and instructions.
- [DATA_EXFILTRATION]: The skill includes explicit instructions and warnings to ensure that sensitive data like client names or project identifiers are never included in output or comments, mandating the use of anonymized aggregate numbers only (SKILL.md and references/telemetry.md).
Audit Metadata