review

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff and git log to analyze repository changes. It passes a user-supplied 'fixed point' (such as a branch name or commit SHA) directly into these shell commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the codebase being reviewed.
  • Ingestion points: SKILL.md (Step 1 and Step 2) retrieves data from git diff, git log, and external issue trackers specified in commit messages.
  • Boundary markers: The instructions do not define clear delimiters or use 'ignore embedded instructions' warnings when passing diff content to sub-agents.
  • Capability inventory: The skill can execute shell commands (git) and has the ability to read various configuration, documentation, and source files across the repository.
  • Sanitization: There is no evidence of sanitization or filtering for malicious instructions that might be embedded in code comments or commit messages before they are processed by the sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 06:10 AM
Security Audit — agent-trust-hub — review