code-review
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted data from the repository and incorporating it into instructions for autonomous sub-agents.
  - Ingestion points: The skill reads input from `git diff`, `git log` (including commit messages), and external specification documents (Issues and PRDs).
  - Boundary markers: The prompt templates for the sub-agents do not include delimiters or instructions to disregard embedded commands within the analyzed content.
  - Capability inventory: The skill uses the `Agent` tool to execute general-purpose analysis on the ingested data.
  - Sanitization: No validation or sanitization is performed on the text extracted from the git history or external specifications before it is used to construct sub-agent prompts.
- [COMMAND_EXECUTION]: The skill relies on local shell commands to retrieve repository data and verify references.
  - Evidence: It executes `git diff`, `git log`, and `git rev-parse` using parameters derived from user input.
Audit Metadata