Skills
skills/camacho/ai-skills/catchup/Gen Agent Trust Hub

catchup

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs git log, git status, and gh pr list to retrieve information about the repository state and current pull requests. These are standard operations for development workflows and are used as intended.
  • [DATA_EXFILTRATION]: The skill retrieves pull request data from GitHub using the official CLI tool. Interacting with this well-known service for project status information is a safe and common practice for developer tools.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from external sources. Ingestion points: ai-workspace/plans/, ai-workspace/MEMORY.md, HANDOFF.md, and outputs from git and gh CLI tools. Boundary markers: None identified. Capability inventory: Command execution via git and gh. Sanitization: The content is summarized without explicit validation or escaping. This vulnerability surface is typical for context-gathering tools and is considered low risk in the intended development environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 02:11 PM