write-local-report

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted data from the local project environment.
      • Ingestion points: The agent reads previous report files from the .github/reports/ directory and source code/test files from src/ and tests/ to generate summaries.
      • Boundary markers: The skill relies on Markdown structural elements but lacks explicit delimiters or instructions to the agent to ignore potentially malicious directions embedded in the ingested files.
      • Capability inventory: The skill allows the agent to write new files to the repository.
      • Sanitization: There are no mechanisms described for sanitizing or filtering instructions that may be hidden in code comments or previous reports.
  • [COMMAND_EXECUTION]: The project template includes shell commands for code linting and testing (black, flake8, pytest). While these are standard tools in a development environment, they constitute an execution surface if the agent attempts to run them on maliciously crafted source or test files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:29 PM