status
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local CLI tools including 'ao', 'bd', 'gt', and 'git' to gather status information. It also uses standard shell utilities like 'tail', 'ls', and 'wc' to inspect files in the '.agents/' directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from local files and tool outputs. * Ingestion points: Data is read from '.agents/ao/sessions/*.md', '.agents/signals/session-quality.jsonl', and tool outputs from 'ao', 'bd', and 'gt' (SKILL.md). * Boundary markers: No explicit boundary markers are used when interpolating this data into the dashboard template. * Capability inventory: The skill has access to 'Bash', 'Read', 'Grep', and 'Glob' tools (SKILL.md). * Sanitization: No sanitization is performed on the gathered data before it is presented to the agent.
Audit Metadata