review
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git diffandgit logto analyze repository changes. It passes a user-supplied 'fixed point' (such as a branch name or commit SHA) directly into these shell commands. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the codebase being reviewed.
- Ingestion points:
SKILL.md(Step 1 and Step 2) retrieves data fromgit diff,git log, and external issue trackers specified in commit messages. - Boundary markers: The instructions do not define clear delimiters or use 'ignore embedded instructions' warnings when passing diff content to sub-agents.
- Capability inventory: The skill can execute shell commands (
git) and has the ability to read various configuration, documentation, and source files across the repository. - Sanitization: There is no evidence of sanitization or filtering for malicious instructions that might be embedded in code comments or commit messages before they are processed by the sub-agents.
Audit Metadata