next
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard, non-destructive local commands including
git status,git branch,git log,ls, andgrep. These are used purely for project state discovery and orientation. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the local environment. Ingestion points: Reads output from
git log(commit messages),git branch(branch names), and the contents ofTODO.md. Boundary markers: None present; the AI processes the raw output of the discovery commands. Capability inventory: Limited to read-only Git and filesystem operations; no write, network, or elevated execution capabilities are defined. Sanitization: No explicit sanitization or filtering of the ingested text is performed. However, as the skill is used for orientation and requires the user to decide on the next action, the risk is negligible.
Audit Metadata