review-branch

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE

Tags: COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Git commands (git merge-base, git diff, git ls-files) to calculate the changes introduced in a branch. These are standard operations for development-oriented tools.
  • [DATA_EXFILTRATION]: Cumulative code diffs are written to /tmp/review_branch.diff and /tmp/review_branch_new.txt. While this practice provides a local data exposure surface on shared systems, the skill does not perform any network operations to send this data externally.
  • [PROMPT_INJECTION]: The skill reads and processes untrusted data (source code changes) that are then passed to sub-agents for review, which is a surface for indirect prompt injection.
  • Ingestion points: Data from git diff and git ls-files stored in /tmp (SKILL.md).
  • Boundary markers: Agents are provided with a context string identifying the input as a cumulative diff of a branch.
  • Capability inventory: The skill can execute shell commands (git), write to the filesystem, and modify source code.
  • Sanitization: No explicit sanitization or filtering of the source code content is performed before it is analyzed by agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 10:29 AM