auditor-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for version control and testing operations. Specifically, it uses
git log --oneline --follow -- {file-path},pnpm test 2>&1 | tail -50, andpnpm run typecheck 2>&1 | tail -50. The{file-path}variable is extracted from external phase files, which could lead to command injection if input is maliciously crafted and not sanitized.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and acts upon data from external project files.\n - Ingestion points: Reads content from
plan.md, phase files (phase-{NN}.md), and code review files.\n - Boundary markers: No explicit markers are used to isolate untrusted data from instructions.\n
- Capability inventory: Includes subprocess execution (git, pnpm), file system writes (audit reports), and reading from the user's home directory (
~/.claude/rules/).\n - Sanitization: No evidence of validation or escaping for extracted file paths or content before processing or command construction.
Audit Metadata