icpg
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on local CLI commands (icpg) and shell scripts (scripts/icpg-pre-edit.sh, scripts/icpg-stop-record.sh, scripts/tdd-loop-check.sh) to perform its functions. These scripts are integrated via hooks in the agent configuration to execute automatically during edit and stop events.
- [PROMPT_INJECTION]: The skill processes untrusted data to generate metadata that influences the agent's context.
  - Ingestion points: Git history and commit messages are parsed via the icpg bootstrap command to infer intent.
  - Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from obeying instructions embedded within inferred commit data.
  - Capability inventory: The skill possesses capabilities for local script execution and file modifications in the .icpg/ directory.
  - Sanitization: No evidence of sanitization for inferred intent text was found before it is injected into the agent's prompt context via the PreToolUse hook.
- [EXTERNAL_DOWNLOADS]: The skill requires standard Python packages, including chromadb, scikit-learn, and openai, which are fetched from official registries.
- [DATA_EXFILTRATION]: Codebase metadata, including commit history and symbol structures, is transmitted to well-known LLM services (OpenAI and Claude) for intent inference during the bootstrap and creation phases.
Audit Metadata