checkpoint
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage Git operations and file system locking.
- Evidence:
mkdirfor lock creation,git status,git add,git commit, andgit pushare explicitly mentioned or implied. - [PROMPT_INJECTION]: The 'Validate' step (Step 3) introduces an indirect prompt injection surface by instructing the agent to extract and potentially execute commands found in untrusted repository files.
- Ingestion points: Repository documentation and configuration files including
README.md,CONTRIBUTING.md, build scripts, and CI notes. - Boundary markers: None defined to isolate the discovered instructions from the agent's execution context.
- Capability inventory: The skill implies the ability to execute "validation instructions" found in the repository.
- Sanitization: No sanitization or verification of the discovered commands is mentioned.
Audit Metadata