create-plan
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Git commands (
git log,git diff) to analyze project history and codebase state during the research phase. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from the codebase and GitHub issues which could contain malicious instructions.
- Ingestion points: Codebase files, existing GitHub issues, and project comments (Step 0).
- Boundary markers: No explicit delimiters are used to separate ingested data from agent instructions.
- Capability inventory: Execution of shell commands (Git) and writing to GitHub issues via the
#issue_writecapability. - Sanitization: The instructions do not specify any sanitization or validation of the data retrieved from external sources before processing or outputting it.
Audit Metadata