preen-window-consistency
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and processing local source code files across the repository's packages.
- Ingestion points: Commands such as
findandrg(ripgrep) in the 'Discovery Phase' and 'Auth Discovery' sections ingest file names and source code contents into the agent's context. - Boundary markers: There are no specific delimiters or instructions provided to the agent to distinguish between its own logic and instructions that might be embedded in the code it reads.
- Capability inventory: The skill possesses the ability to execute shell commands (
bash), manage package builds (pnpm), and perform version control operations (git commit,git push). - Sanitization: No sanitization or validation of the content discovered via search commands is performed before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill uses
sh -cwithinxargsto perform conditional logic, such as checking for the presence of specific UI components within discovered files. This involves executing shell commands dynamically based on the results of directory traversal.
Audit Metadata