apex
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell command execution for Git lifecycle management, including repository verification, branch creation, pulling updates, committing changes with specific co-author metadata, and pushing to remote origins. It also utilizes the GitHub CLI (gh) to automate the creation of Pull Requests with dynamically generated titles and descriptions.
- [COMMAND_EXECUTION]: In the validation and testing phases (Steps 5 and 9), the skill dynamically executes build and test scripts based on the project environment. It recognizes and runs commands for multiple ecosystems, including Node.js (npm, yarn, pnpm), Rust (cargo), Go (go), and Python (ruff, mypy, pytest).
- [PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection due to its core functionality of reading and analyzing untrusted codebase content.
- Ingestion points: The workflow ingests data from local project configuration files (package.json, Cargo.toml, pyproject.toml, etc.) and performs a broad codebase analysis using a subagent in the SKILL.md (Step 2) and references/workflow.md files.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating codebase content or feature descriptions into subagent prompts.
- Capability inventory: The skill possesses high-privilege capabilities within the execution environment, including full file system read/write access, network access via Git/GitHub CLI, and arbitrary command execution.
- Sanitization: The skill does not implement sanitization or validation of the content read from the repository before it is used to influence the agent's planning or execution steps.
Audit Metadata