pr-title
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential indirect prompt injection surface via repository data.
- Ingestion points: The skill reads output from `git diff main...HEAD` as specified in `SKILL.md`.
- Boundary markers: There are no explicit delimiters or instructions used to separate the diff content from the agent's instructions.
- Capability inventory: The skill is restricted to local `git` commands and does not possess capabilities for network operations, file writing, or arbitrary code execution.
- Sanitization: No content validation or sanitization of the git diff is performed prior to processing.
Audit Metadata