doc-consolidation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands, specifically
git status --porcelain, inmodules/candidate-detection.mdto identify untracked markdown files within the repository.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untracked markdown files (*_REPORT.md,*_ANALYSIS.md) which are considered untrusted inputs. Malicious instructions within these files could potentially influence the agent's behavior during analysis or merge tasks.\n - Ingestion points:
modules/candidate-detection.mdidentifies and reads untracked markdown files from the local workspace for processing.\n - Boundary markers: The skill does not define or implement specific delimiters or 'ignore' instructions to isolate the ingested content from the agent's logic.\n
- Capability inventory: The skill performs file reading, file writing (creation and modification), shell command execution (
git), and file deletion usingPath.unlink()as documented inmodules/merge-execution.md.\n - Sanitization: There is no evidence of sanitization, escaping, or validation of the content extracted from source files before it is processed by the agent.\n- [COMMAND_EXECUTION]: The
modules/merge-execution.mdmodule includes logic to delete source files after consolidation. While intended for cleanup, the ability to delete files from the local filesystem is a high-impact capability that requires careful monitoring.
Audit Metadata