branch-review-canvas

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute standard git commands locally to retrieve repository status and code differences.
    • Evidence: Execution of commands like git branch --show-current, git status, and git diff.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of git diffs and source code, which introduces a surface for indirect prompt injection.
    • Ingestion points: Output from git diff and repository source files.
    • Boundary markers: No explicit markers are defined in the instructions to separate untrusted code content from the agent's instructions.
    • Capability inventory: Execution of local git commands and rendering through the Cursor Canvas SDK.
    • Sanitization: The instructions do not specify any sanitization or validation of the ingested code content before it is processed for the canvas.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 12:01 PM
Security Audit — agent-trust-hub — branch-review-canvas