differential-review
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute several shell commands for repository analysis, including git diff, git log, git blame, grep, find, and wc as described in methodology.md.
- [EXTERNAL_DOWNLOADS]: The workflow involves fetching data from remote repositories via the GitHub CLI (gh pr view) and git operations to access PRs and commits.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
  1. Ingestion points: Pull request descriptions, commit messages, and code diffs via git and gh.
  2. Boundary markers: No explicit instructions provided to use delimiters or ignore instructions when reading untrusted PR content.
  3. Capability inventory: Uses Bash, Read, Write, and Grep tools.
  4. Sanitization: No input validation or sanitization is performed on fetched data before analysis.
- [PROMPT_INJECTION]: Deceptive metadata in commands/diff-review.md uses the trailofbits: prefix, which implies affiliation with an external organization while the author is marclelamy.
Audit Metadata