catchup
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection surface via external git data.
  - Ingestion points: Commit history and file contents from the current branch (SKILL.md steps 3-5).
  - Boundary markers: None specified in instructions to prevent the agent from following instructions embedded in the code or commits.
  - Capability inventory: Reads local file content and git metadata; no write, network, or execution capabilities were identified.
  - Sanitization: None; the agent interprets the raw text of the codebase and history.
Audit Metadata