agentic-review
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Git commands to inspect the local environment and gather code changes.
  - Evidence includes calls to `git rev-parse`, `git status`, and various `git diff` operations (Phase 1, 2, and 3).
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by ingesting external data and possessing high-privilege capabilities.
  - Ingestion points: Untrusted code changes are read via `git diff` and incorporated into the agent's context (SKILL.md, Phase 1 and Phase 4).
  - Boundary markers: Absent. The diff content is passed directly to sub-agents (e.g., `Task security-sentinel("[diff]")`) without delimiters or instructions to ignore embedded instructions (SKILL.md, Phase 4).
  - Capability inventory: The skill has the capability to write to the filesystem to implement code fixes (SKILL.md, Phase 7).
  - Sanitization: No sanitization, validation, or escaping of the diff content is performed before processing or before applying fixes.
Audit Metadata