deep-audit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands (git diff, git rev-parse, git status) for identifying audit scope and managing temporary worktrees. It also invokes various test runners like pytest, jest, and cargo test based on files detected in the repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  1. Ingestion points: The skill reads source code from the repository, git diff outputs, and local .speak-memory files.
  2. Boundary markers: The prompt templates for sub-agents do not include specific delimiters or instructions to treat ingested file content as untrusted data or to ignore embedded AI instructions.
  3. Capability inventory: The skill has high-privilege access, including the ability to write and edit files and execute shell commands via Bash.
  4. Sanitization: No sanitization or escaping of code content is performed before it is analyzed by the specialist agents.