prime
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes the
git ls-filescommand to map the project's file structure. This is a standard operation for codebase orientation. - [PROMPT_INJECTION]: Potential surface for indirect prompt injection as the skill reads and processes the content of
README.mdand.ainotes/memory.md. Malicious instructions embedded in these files could attempt to influence the agent's behavior. - Ingestion points: Reads project files
README.mdand.ainotes/memory.md(SKILL.md). - Boundary markers: Not specified in the skill instructions.
- Capability inventory: Reading local files and executing shell commands (git).
- Sanitization: No explicit sanitization of file content is performed before processing.
Audit Metadata