sync-status
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses the Bash tool to execute standard, non-destructive diagnostic commands like git status, git log, and jq. These are used to gather project metadata and do not pose a direct security threat.
- PROMPT_INJECTION (LOW): The skill presents an Indirect Prompt Injection surface (Category 8).
  - Ingestion points: Data is read from Plans.md, git log history, and .claude/state/agent-trace.jsonl.
  - Boundary markers: The skill does not use specific delimiters or instructions to treat ingested file content as untrusted data.
  - Capability inventory: The agent has permissions for Bash, Write, and Edit tools, which could be misused if the agent obeys instructions embedded in the summarized progress data.
  - Sanitization: No sanitization or validation is performed on the ingested text before it is presented to the agent.
Audit Metadata