preflight
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the repository's code hunks via Git diffs. This creates a surface for indirect prompt injection, where malicious instructions embedded in the code could attempt to influence the agent's checklist generation.
- Ingestion points: Git diff hunks retrieved in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Read-only access to the local Git repository.
- Sanitization: No explicit filtering or sanitization of the diff content is specified.
- [COMMAND_EXECUTION]: The skill executes
git diff main...HEADto retrieve code changes. This is a standard read-only operation intended for its primary purpose and uses a static command string.
Audit Metadata