tilt
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines several shell-based workflows for environment management. It uses
tiltfor resource lifecycle andtmuxfor session persistence. The implementation includes logic to dynamically name tmux sessions based on the current git repository root and safely manage windows to avoid duplication.\n- [PROMPT_INJECTION]: The skill interacts with untrusted external data by reading container logs (tilt logs) and resource statuses (tilt get uiresources). This introduces a surface for indirect prompt injection where malicious log content could attempt to influence the agent's reasoning.\n - Ingestion points: Container logs via
tilt logsand resource metadata viatilt get uiresourcesinSKILL.mdandCLI_REFERENCE.md.\n - Boundary markers: None identified in the provided command patterns.\n
- Capability inventory: Significant capabilities including
tilt up/down/triggerand the ability to send arbitrary keys to a tmux session (tmux send-keys).\n - Sanitization: No evidence of output sanitization or filtering of log content before analysis.\n- [SAFE]: References to external repositories for Tilt extensions (
tilt-dev/tilt-extensions) target well-known and official project sources, which is appropriate for the skill's documented purpose.
Audit Metadata