skills/mthines/agent-skills/ux/Gen Agent Trust Hub

ux

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff --name-only HEAD~1 to identify UI files that have recently changed, allowing it to provide contextual reviews. This is a common and legitimate pattern for developer tooling.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted source code files that could contain malicious instructions embedded in comments or strings.
      • Ingestion points: Source code files identified through user input or git history (SKILL.md).
      • Boundary markers: Absent; there are no specific instructions to the agent to treat the code content as data rather than instructions.
      • Capability inventory: The skill can read local files, execute git commands, and generate structured advisory reports.
      • Sanitization: No sanitization or filtering of the source code content is performed prior to analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 01:47 PM