checkpoint
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes 'git branch --show-current' and 'git status --short' to determine the current working environment. These are non-destructive informational commands used solely for context gathering.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it reads content from external checkpoint files, MEMORY.md, and plan files to determine next steps for the agent. Evidence: 1. Ingestion points: checkpoint-{name}.md, MEMORY.md, and files within ~/.claude/plans/. 2. Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the loaded files. 3. Capability inventory: Ability to execute git commands and perform file read/write operations. 4. Sanitization: Includes basic filename sanitization (lowercase and character replacement) but no content sanitization.
Audit Metadata