smart-start
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands, specifically
git log,git status, andls, to gather information about the project's state. These are standard diagnostic commands and are not constructed using untrusted input. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) due to its processing of repository content.
- Ingestion points: The skill reads
docs/overview.md, variousplan.mdandtodo.mdfiles within theplans/directory, and git commit history (Steps 1, 2, and 3). - Boundary markers: Absent. There are no clear delimiters or instructions provided to the agent to treat the ingested project data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill's capabilities are restricted to read-only repository and filesystem analysis. It lacks the ability to write files, perform network operations, or execute arbitrary code.
- Sanitization: Absent. The skill does not filter or sanitize the information it extracts from the project files and git logs before presenting it in the session assessment.
Audit Metadata