stage-chapters

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands to perform its core functions.
  • It runs which stagereview to check for the presence of the required CLI tool.
  • It runs git rev-parse --is-inside-work-tree to verify the execution context is a git repository.
  • It executes stagereview prep to generate diff data and stagereview show to launch a local review interface.
  • [EXTERNAL_DOWNLOADS]: The skill instructions advise the user to install the stagereview package globally via npm (npm install -g stagereview) if the command is not found. This is a legitimate dependency for the skill's functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the local environment.
  • Ingestion points: The skill reads git commit messages and diff hunks from a temporary file generated by the prep command.
  • Boundary markers: While the data is delimited by headers like === COMMIT MESSAGES === and === HUNKS ===, there are no specific instructions for the agent to ignore or escape instructions that might be embedded within these git objects.
  • Capability inventory: The skill possesses the ability to execute shell commands and write to the file system via mktemp and cat heredocs.
  • Sanitization: The instructions do not specify any sanitization or validation of the content retrieved from the git repository before it is processed by the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:41 AM
Security Audit — agent-trust-hub — stage-chapters