skills/nilbuild/diffity/diffity-tour/Gen Agent Trust Hub

diffity-tour

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the diffity CLI tool globally using npm install -g diffity if it is not already present. This is a vendor-owned resource required for the skill to operate.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute shell commands, including git, gh, npm, and the diffity CLI for repository analysis and tour management.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted external sources like GitHub Pull Request descriptions and commit messages to generate tour narratives.
      • Ingestion points: Data enters the agent's context through gh pr view, gh pr diff, git log, and direct file reads from the repository.
      • Boundary markers: There are no specific boundary markers or instructions to ignore embedded commands when the agent reads external PR or commit content.
      • Capability inventory: The agent has access to the Bash tool, allowing it to execute CLI commands, and the ability to open local browser windows.
      • Sanitization: The skill does not define any sanitization or validation logic for the text extracted from PRs or commits before it is used in the narrative generation process.

Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 12:06 PM