spec-end
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes content from various project documents and messages from other agents to generate summaries and drive archival workflows.
- Ingestion points: Reads multiple local markdown files (
plan.md,exploration-report.md,summary.md,test-plan.md,test-report.md,debug-xxx.md) and collects text responses from other agent roles viaSendMessagereplies. - Boundary markers: No explicit delimiters or system instructions are defined to distinguish between data content and potential embedded instructions within the ingested markdown files.
- Capability inventory: Performs file system operations (moving project directories to an archive folder) and invokes the vendor's
/git-workflow-soptool to perform repository commits. - Sanitization: Implements a human-in-the-loop mitigation by using
AskUserQuestionto require explicit user confirmation before executing archival movements or Git commits.
Audit Metadata