code-moment-switch-model
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves executing high-privilege system commands such as systemctl restart, docker compose up, and destructive git reset operations. These are correctly identified as high-risk within the skill's instructions and are protected by mandatory explicit confirmation gates in SKILL.md Section 4.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted external data such as stack traces and logs.
  - Ingestion points: User-provided code blocks, file paths, and logs as described in SKILL.md Section 0(C).
  - Boundary markers: None defined within the instructions.
  - Capability inventory: Sub-agent spawning via sessions_spawn, file modification, and shell command execution.
  - Sanitization: Relies on human-in-the-loop (HITL) gates for all sensitive actions rather than input filtering.
Audit Metadata