weekly-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection as it aggregates content from attacker-controllable sources (Git logs and project files) and uses it to update the project state and suggest actions. Ingestion points: Git logs for the past week, tasks.md, and .research/ files. Boundary markers: Absent. Capability inventory: Write/Update permissions for .research/logs/weekly/, .research/logs/activity.md, project_telos.md, and phase_checklist.md. Sanitization: Absent.
- [Command Execution] (LOW): The skill invokes the git log command to gather activity data for the review. This is a standard and expected functional requirement of the skill's stated purpose.
Recommendations
- AI detected serious security threats
Audit Metadata