extract-rules
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill implements a protection mechanism by using 'git ls-files' to sample only tracked files, which avoids the ingestion of untracked sensitive data such as .env files.
- [CREDENTIALS_UNSAFE]: It includes a dedicated security self-check that scans generated content for patterns indicative of secrets (e.g., API keys, hex strings) and internal URLs, redacting them before finalization.
- [COMMAND_EXECUTION]: Access to the shell is restricted to a small set of predefined, safe commands for file system exploration and metadata retrieval.
- [PROMPT_INJECTION]: The skill processes untrusted codebase content, creating an indirect prompt injection surface. Ingestion points: codebase files, documentation, and conversation history. Boundary markers: none. Capability inventory: restricted to file writes and specific bash utilities (ls, git ls-files, tree, etc.). Sanitization: redaction of secrets via Step 6.5.
Audit Metadata