war-room-checkpoint
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing unstructured, potentially untrusted input to influence its decision-making logic and command generation.
  - Ingestion points: External data enters through fields such as `decision_needed`, `blocking_items`, and `conflict_description` as described in the `Invocation Pattern` section of SKILL.md.
  - Boundary markers: The prompt templates do not include explicit delimiters or instructions to ignore embedded commands within these descriptive fields.
  - Capability inventory: The skill generates `orders` (e.g., "Split PR", "Require ADR") that are intended for consumption by calling commands like `/do-issue` and `/fix-pr`, which possess repository management and file system capabilities.
  - Sanitization: There is no mention of sanitization or validation for the input data before it is processed by the reversibility assessment (RS) logic.
- [COMMAND_EXECUTION]: The documentation includes a verification step for developers that involves the execution of the `make test-checkpoint` shell command.
Audit Metadata