deadline-prep
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to retrieve repository metadata. Specifically, it executes
git log --onelineandgit diff --statto gather work history for summary. These commands are restricted to read-only operations on the project's local git history.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data processing workflow.\n - Ingestion points: Untrusted data is ingested from
.claude/critical_log_changes.csvand the output of thegit logcommand (commit messages).\n - Boundary markers: The instructions lack explicit delimiters or safety warnings to prevent the agent from obeying instructions embedded in the logs or commit messages.\n
- Capability inventory: The skill can read local files, execute git commands, and write the final report to
.claude/demo-outline.md.\n - Sanitization: There is no evidence of sanitization, filtering, or escaping applied to the external log data before it is interpolated into the demo generation prompt.
Audit Metadata