commit
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is susceptible to indirect prompt injection because it reads and processes the output of git diff and git status to understand changes. If the repository contains malicious instructions within the code or comments being diffed, the agent might inadvertently follow them. * Ingestion points: SKILL.md instructions for 'Analyze Changes' (Step 1) involve reading git status and git diff output. * Boundary markers: There are no explicit delimiters or instructions to ignore content within the diffs that might look like instructions. * Capability inventory: The agent can execute git commands (add, commit, apply, stash, restore, mv, rm) and manage files in the /tmp/ directory. * Sanitization: No sanitization or validation is performed on the output of the git commands before the agent processes them.
Audit Metadata