Skills
skills/spencerpauly/awesome-cursor-skills/comparing-branches-visually/Gen Agent Trust Hub

comparing-branches-visually

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or vulnerabilities detected. The skill facilitates a common developer workflow using legitimate local tools and configurations.\n- [COMMAND_EXECUTION]: The skill uses npm run dev and Git commands (git worktree, git diff) to set up the testing environment. These are standard development tasks performed on the local filesystem and repository.\n- [PROMPT_INJECTION]: The skill processes file paths from git diff to determine navigation routes, which constitutes an indirect prompt injection surface.\n
  • Ingestion points: File names and paths from Git repository metadata (e.g., from git diff).\n
  • Boundary markers: None explicitly implemented to delimit the file paths when determining routes.\n
  • Capability inventory: Shell execution (git, npm), browser automation tools (browser_navigate, browser_take_screenshot), and local filesystem access.\n
  • Sanitization: The skill relies on standard Git output; it does not perform secondary validation or sanitization of file paths before using them in browser navigation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 09:43 PM