eld-ground
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes untrusted pull request metadata and code diffs. Ingestion points: PR titles, descriptions, and git diff outputs. Boundary markers: None identified. Capability inventory: Code analysis, compliance checking, and report generation. Sanitization: No specific input validation or escaping is documented. This behavior is consistent with the skill's primary function and is treated as a safe risk within the context of developer tooling.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands and git operations to perform its verification tasks. These are executed within the local project environment and are standard for developer automation tools.
- [EXTERNAL_DOWNLOADS]: CI/CD integration examples reference official GitHub Actions and Slack integrations. These are trusted, well-known services and do not represent a security threat according to the trust-scope rules.
Audit Metadata