review-perf
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as git diff-tree and gh pr view to determine which files have changed in a specific commit or pull request.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external, untrusted code content.
- Ingestion points: The skill ingests untrusted code from files, commits, and pull requests via Git and the GitHub CLI.
- Boundary markers: The skill's instructions do not specify any delimiters or boundary markers to separate untrusted code data from the agent's internal analysis prompts.
- Capability inventory: The skill can read files from the workspace, explore directory structures, and perform text searches using grep.
- Sanitization: The ingested code content is not sanitized, escaped, or filtered before being processed by the analysis agents.
Audit Metadata