sync-ag-shared

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Executes system commands including git, gh (GitHub CLI), and yarn to manage repository state and push/pull subrepo changes.
  • [COMMAND_EXECUTION]: Executes local repository scripts such as setup-prompts.sh and verify-rulesync.sh found within the subrepo structure during the sync process.
  • [PROMPT_INJECTION]: Utilizes sub-agents to analyze repository content and apply companion changes to other repositories. This behavior introduces a surface for indirect prompt injection:
      • Ingestion points: The skill reads git diff output, git log entries, and external/ag-shared/docs/SYNC-LOG.md (SKILL.md), which may contain untrusted content from commit messages or file modifications.
      • Boundary markers: Absent; the sub-agent receives raw repository data without specific delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill possesses the capability to modify files, execute shell commands, and interact with the GitHub API via the gh tool (SKILL.md).
      • Sanitization: Absent; the skill directs the sub-agent to "replicate patterns" from analyzed changes without performing validation or filtering of the ingested data.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 18, 2026, 11:18 AM