next-move

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from the local project environment into its reasoning process.
  • Ingestion points: The skill reads project context from git log, CLAUDE.md, package.json, and conversation history (SKILL.md, Step 1).
  • Boundary markers: Absent. There are no specific delimiters or instructions used to prevent the agent from following commands that might be embedded in the context data.
  • Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools (SKILL.md YAML frontmatter).
  • Sanitization: Absent. The skill does not validate or filter the content of the project files it reads.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard git operations (status, rev-parse, log, diff) for context gathering. It also executes npx windags to perform planning operations and write local history triples.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx:windags as an allowed tool, which can result in the download of the windags package from the npm registry if it is not present in the local cache.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 03:35 AM