overnight-development
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires adding a plugin marketplace and installing a plugin from the author's GitHub repository ('jeremylongshore/claude-code-plugins').
- [COMMAND_EXECUTION]: The workflow involves executing bash commands to initialize Git repositories, install Node.js dependencies like 'jest', and modify file permissions using 'chmod +x' to enable Git hook execution.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by autonomously processing and acting upon potentially untrusted test failure logs and Git hook outputs.
- Ingestion points: Standard output from test runners and the '.overnight-dev-log.txt' file.
- Boundary markers: No delimiters are implemented to separate external log content from agent instructions.
- Capability inventory: Extensive tool access including file modification (Write/Edit) and general Bash command execution.
- Sanitization: No sanitization or validation of ingested log data is performed before analysis.
Audit Metadata