sefirot-milestone

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to manage milestone file history and project state.
      • Evidence: The skill uses mv to archive existing milestones.json files with a timestamp suffix and uses git add and git commit to finalize changes in the repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes potentially untrusted external content to generate its output.
      • Ingestion points: User-provided document paths ($ARGUMENTS), project-specific CLAUDE.md, documentation in the docs/ directory, and the project's source code discovered via glob and grep operations.
      • Boundary markers: Absent; the skill does not use specific delimiters or instructions to isolate the data being analyzed from its primary operational instructions.
      • Capability inventory: Local command execution (mv, git), file system read access, and the ability to generate structured milestone data.
      • Sanitization: Absent; the skill directly processes the text from project files to determine the goals and verification steps for new milestones.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:08 PM