reflect
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs git, gh (GitHub CLI), and date to track session timing, review commit history, and manage project worktrees. Evidence of shell execution found in steps 0, 1, 1b, 2b, 5b, 7, and 8.
- [PROMPT_INJECTION]: Potential for indirect prompt injection as the skill ingests content from repository files like commit logs and scratchpad notes to generate issue comments.
- Ingestion points: Content is read from git log, ai-workspace/scratchpad.md, and .branch-context.md.
- Boundary markers: Absent for these data ingestion points.
- Capability inventory: Includes file system writes, git worktree manipulation, and GitHub issue creation or commenting.
- Sanitization: Includes a mandatory manual confirmation step in Step 2b before posting to GitHub issues when matching titles dynamically.
Audit Metadata