checkin

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to execute specific shell commands including git status, git diff, npm test, and npm run lint. These are standard tools for the stated purpose of pre-commit verification and are restricted to specific command prefixes within the tool definitions.
  • [PROMPT_INJECTION]: The skill includes instructions that explicitly define constraints for the AI agent, such as requiring user confirmation before executing commits and prohibiting automatic execution of git add or git push. These act as safety guardrails rather than malicious injections.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local repository.
      • Ingestion points: Reads project files, git diff output, and CONTRIBUTING.md using Read, Grep, and Glob tools.
      • Boundary markers: None explicitly defined to separate untrusted file content from system instructions.
      • Capability inventory: Executes local scripts via npm test and npm run lint and performs file system reads.
      • Sanitization: No explicit sanitization or escaping of the ingested file content is mentioned, relying on the agent's internal handling.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:24 AM