diffity-learn (skills/nilbuild/diffity/diffity-learn)

Gen Agent Trust Hub audit, May 11, 2026

Verdict: Warn

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: During the setup phase the skill runs npm install -g diffity if the diffity command is not found on the system. The version is not pinned, so the install fetches whatever the registry serves at that moment and runs the package's install scripts with the user's privileges.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the environment, including git init, mkdir, and various diffity CLI operations. It uses the user-provided topic argument to build file system paths (e.g., learn-<topic>) without validating it. A topic containing shell metacharacters (such as ;, |, $( ), spaces or quotes) or path segments (.., /) can therefore alter the commands or the directories they operate on. The expected control is to restrict the topic to a short slug and to pass it as a single argv element rather than through a shell string.
  • [REMOTE_CODE_EXECUTION]: The skill employs a build-agent subagent that is explicitly instructed to generate, run, and verify code. The generated code runs immediately with the user's privileges, so anything that influences the generation step (including content injected through the ingestion points below) can lead to arbitrary code execution.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests untrusted data from user-authored code files and project configuration in order to produce reviews and plan lessons.
    • Ingestion points: User-provided code in lesson-*/user-*/src/ and the learn.json state file.
    • Boundary markers: None are specified when interpolating user data or file content into subagent prompts, so a file that contains instruction-like text is indistinguishable from the skill's own instructions.
    • Capability inventory: The skill can execute shell commands, spawn subagents with custom prompts, and write to the local file system.
    • Sanitization: There is no evidence of sanitization or escaping of external content before it is processed by the AI agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 12:06 PM