compound-learnings

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from repository files and git diffs, creating a surface for indirect prompt injection. Evidence: (1) Ingestion points: CLAUDE.md, docs/plans/, docs/designs/, and git diff output. (2) Boundary markers: The skill includes specific instructions to treat file content as data only and ignore embedded instructions. (3) Capability inventory: Executes git commands and performs file read/write operations. (4) Sanitization: Includes a strict prohibition against passing data extracted from files into Bash commands.
  • [COMMAND_EXECUTION]: The skill executes git commands via the shell for project analysis. While standard for developer tools, this capability is explicitly guarded by rules preventing the use of data from untrusted files within shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 06:19 AM