post-mortem
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses localized shell commands (bash, jq, git) to verify project artifacts and process state. These operations are appropriate for a post-mortem auditing role.
- EXTERNAL_DOWNLOADS (LOW): The skill references and utilizes external security auditing tools such as gitleaks, semgrep, pip-audit, and safety. While these tools are from trusted categories, their use involves interaction with external vulnerability databases and package registries.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted content from the codebase to generate findings and delegate tasks.
  - Ingestion points: Repository source code, git logs, and planning documents (references/metadata-verification.md).
  - Boundary markers: No specific delimiters or safety instructions are used when interpolating extracted data into report templates or agent prompts.
  - Capability inventory: Extensive file system access (read/write), shell command execution, and MCP tool interactions (memory_store).
  - Sanitization: Data from the analyzed environment is not sanitized before being processed by the agent logic.
Audit Metadata