agentic-review
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, exfiltration, or obfuscation were detected. The skill uses standard local utilities for its stated purpose.
- [COMMAND_EXECUTION]: Executes git commands like
git diffandgit statusto identify local changes for analysis. - [PROMPT_INJECTION]: As a tool that processes raw code changes, it is vulnerable to indirect prompt injection where instructions hidden in code comments could influence analysis sub-agents.
- Ingestion points: Raw code diffs from local git repositories.
- Boundary markers: None identified in the prompt templates sent to sub-agents.
- Capability inventory: Shell command execution (git) and file-write capabilities for applying fixes.
- Sanitization: No filtering or sanitization of input code content is performed.
Audit Metadata