walkthrough-pr

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the repository's git diffs, commit messages, and file contents within the PR branch. An attacker could include malicious instructions in a PR to influence the agent's behavior during the review pass.
    • Ingestion points: Commands such as git diff, git log, and Read operations on files within the temporary worktree.
    • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing external data.
    • Capability inventory: The skill can execute shell-based git commands and use the Write tool to create files (WALKTHROUGH.md) in the local filesystem.
    • Sanitization: No sanitization is performed on the content of the diffs or commit messages, although branch names are slugged to prevent filesystem path issues.
  • [COMMAND_EXECUTION]: The skill relies heavily on executing shell commands via the git CLI. This includes branch resolution, worktree management, and diff generation.
    • Evidence: Uses git worktree add, git worktree remove, git fetch, and git rev-parse with arguments provided by the user (branch names).
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:57 PM