stacksmith-review
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from git diffs and repository files to perform analysis and apply automated fixes.\n
- Ingestion points: Untrusted data enters the agent context through
git diff origin/$_BASEand file read operations during code, design, and security audits (SKILL.md).\n - Boundary markers: The skill does not implement explicit delimiters or instructions to ignore embedded commands within the content being reviewed.\n
- Capability inventory: The skill has the ability to modify the repository using
WriteandEdittools, and can executegit commitvia theBashtool to apply auto-fixes (SKILL.md).\n - Sanitization: No sanitization or validation logic is present to prevent malicious instructions embedded in reviewed code or commit messages from influencing the agent's behavior.
Audit Metadata