heimdall
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple git commands (git pull, git add, git commit, git push, git mv) to manage the state of the memory repository. Found in Steps 2, 8, and 9.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from transcripts and processes it via subagents. Ingestion points: Files located in the inbox/ directory of the user's repository. Boundary markers: None identified; transcript content is interpolated directly into subagent prompts. Capability inventory: The skill can perform file system operations and repository updates via git. Sanitization: No evidence of sanitization or content filtering for the transcript data before processing.
Audit Metadata