skill-tuning

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local command-line interface (ccw cli) for deep analysis tasks. This execution is dynamically constructed using user-supplied path information and issue descriptions. While the skill includes a basic shell escaping function (escapeForShell), the execution of external tools based on user input is a significant capability that must be monitored.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of analyzing untrusted skill files.
      • Ingestion points: The skill uses Read() and Glob() to ingest the contents of all markdown and configuration files within a user-specified target directory in actions such as action-diagnose-context.md and action-gemini-analysis.md.
      • Boundary markers: The agent uses structured headers like [CONTEXT], [TASK], and PURPOSE within its prompts to separate instructions from the data being analyzed. However, it lacks explicit negative constraints to prevent the model from following instructions found within the analyzed files.
      • Capability inventory: The skill possesses extensive capabilities, including the ability to write files (Write), search the file system (Glob, Grep), execute shell commands (Bash), and invoke other agents (Task with universal-executor).
      • Sanitization: The skill performs basic sanitization of input strings for shell commands by escaping double quotes, dollar signs, and backticks via the escapeForShell function. It does not perform semantic validation or filtering of the content read from files before including it in LLM prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:17 PM