differential-review

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands such as git and gh (GitHub CLI). These are utilized to retrieve code diffs, commit histories, and pull request metadata necessary for performing differential security reviews.
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface because it ingests and processes untrusted data from external code changes and pull request comments. Maliciously crafted code or comments could attempt to influence the agent's analysis or output.
      • Ingestion points: Untrusted data is ingested via git diff, git log, and gh pr view, as specified in methodology.md.
      • Boundary markers: The instructions define no explicit delimiters and do not tell the agent to ignore commands embedded in the analyzed code; this omission is common for review tools.
      • Capability inventory: The skill has broad capabilities, including Bash access as well as the Read, Write, Grep, and Glob tools defined in SKILL.md.
      • Sanitization: The methodology includes no specific sanitization steps for data retrieved from the repository before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 09:52 AM