weekly-report
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess.run with argum ent lists to execute git config and git log com m ands. This approach avoids shel l injection vul nerabil ities and is lim ite d to readin g repository m etadata and history necessary for generatin g reports.
- [PROMPT_INJECTION]: The skill is susceptibl e to indirect prom pt injection because it ingests and processes Git com m it m essages, which are untruste d external data. Whil e the im pl em entation uses Python for logic, an LLM interpretin g the final report coul d potential ly be infl uence d by instructions em bedde d in the com m it history. Ingestion points: src/git_analyzer.py (reads com m it m essages usin g git log). Boundary m arkers: Absent. The com m it data is directly interpol ate d into the Markdown report sections. Capabil ity inventory: The skill can execute git com m ands and write fil es to the ~/.weekly-reports/ directory. Sanitization: src/report_generator.py perfor m s basic cl eanin g and truncation on com m it m essages.
Audit Metadata