fix-llm-artifacts

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several standard system and development commands to manage the codebase and verify fixes. This includes using git for status checks and stashing, jq for parsing JSON data, and various language-specific linters like ruff, mypy, and eslint. These operations are consistent with the skill's stated purpose of maintaining code quality.
  • [REMOTE_CODE_EXECUTION]: The skill invokes local test runners such as pytest, npm test, yarn test, and go test. While these tools execute code residing in the local repository, this is a standard and necessary step for a developer tool intended to verify that applied fixes do not introduce regressions.
  • [DATA_EXFILTRATION]: The skill accesses the local file .beagle/llm-artifacts-review.json. This file is used to provide context for the fixes to be applied. The processing of this data occurs entirely within the local environment, and no network exfiltration patterns were identified.
  • [PROMPT_INJECTION]: The skill possesses a surface for Indirect Prompt Injection (Category 8) because it processes findings generated by a separate review process which may include untrusted content.
      • Ingestion points: Data enters the agent's context through the reading of .beagle/llm-artifacts-review.json in SKILL.md.
      • Boundary markers: There are no explicit delimiters or specific instructions to ignore potentially malicious instructions embedded within the JSON fields when they are interpolated into the Task tool prompt.
      • Capability inventory: The skill has the capability to modify local source code, execute shell commands, and spawn additional agent tasks.
      • Sanitization: The skill does not perform explicit validation or escaping of the values extracted from the JSON file before using them to construct instructions for parallel tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:17 AM