status
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including `git` and `gh` (GitHub CLI) to retrieve project metadata such as commit history, branch status, and issue lists. These are standard developer tools used here for read-only status reporting.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests content from external sources (GitHub issues) and local project files (scratchpad.md, MEMORY.md) to generate recommendations.
  * Ingestion points: Output from `gh issue list` and local project management files.
  * Boundary markers: Not used; data is directly incorporated into the dashboard logic.
  * Capability inventory: Includes shell command execution and file system read access.
  * Sanitization: None; the skill relies on the integrity of the project environment and GitHub data.
Audit Metadata