intent-changes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a shell command
git config user.name || echo $USERto retrieve the current user's name for review logging. This is a low-risk, non-privileged operation. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted local documents.
- Ingestion points: Reads content from arbitrary files specified by the user via the
/intent-changes startcommand. - Boundary markers: Absent. The skill reads the source document and interpolates its content into the reasoning process without protective delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has file system read/write access, specifically the ability to modify (apply changes to) the source design documents.
- Sanitization: Absent. Content read from documents is used directly to propose changes without validation or escaping.
Audit Metadata