diffity-diff

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the 'diffity' package globally via npm if it is not already installed. This involves downloading and executing code from the NPM registry.
  • [COMMAND_EXECUTION]: The skill executes shell commands with user-supplied arguments. Specifically, the 'ref' parameter is passed directly to the 'diffity ' command without explicit sanitization, which could lead to command injection if the agent does not validate the input.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external GitHub PR URLs, creating an indirect prompt injection attack surface.
    • Ingestion points: The 'ref' argument in SKILL.md accepts GitHub PR URLs (e.g., 'https://github.com/owner/repo/pull/123').
    • Boundary markers: No boundary markers or instructions to ignore embedded instructions are present in the prompt interpolation.
    • Capability inventory: The skill uses the 'bash' tool to execute system commands and interacts with the 'diffity' CLI to launch a server and open browser sessions.
    • Sanitization: No sanitization or validation of the input URL or the content fetched by the tool is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 12:06 PM