explore-test
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core workflow of analyzing external, untrusted data.
  - Ingestion points: The skill reads data from the local repository using `git diff`, `git log`, and the `Read` tool to examine file contents.
  - Boundary markers: No explicit boundary markers or delimiters are defined to separate the skill's instructions from the content of the files being analyzed.
  - Capability inventory: The skill possesses the capability to suggest executable shell commands and code snippets (e.g., `node -e`, `npx jest`) based on the analyzed content. While the tools listed in `allowed-tools` are restricted, a user might execute suggested malicious commands manually.
  - Sanitization: No sanitization or validation logic is present to filter out potential instructional overrides embedded in code comments or string literals within the repository.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to interact with the local environment. Although it is restricted to specific git subcommands (`diff`, `log`, `status`, `show`), these commands provide access to potentially sensitive repository metadata and history.
Audit Metadata