Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local analysis script (detect_context_drift.py) and standard git binary operations to analyze repository state. These commands are invoked using structured arguments via Python's subprocess module, which is a standard method for repository interrogation.
- [PROMPT_INJECTION]: The skill analyzes codebase documentation to auto-generate context summaries, which introduces an indirect prompt injection attack surface (Category 8). Malicious instructions embedded in project documentation could potentially influence the summary generation.
  - Ingestion points: Content is read from README.md, CLAUDE.md, and various project markdown files in the docs directory.
  - Boundary markers: No explicit data or instruction delimiters are used when processing external file content to isolate it from the agent's instructions.
  - Capability inventory: The skill workflow includes file system operations (Write) and local script execution (Bash).
  - Sanitization: Data from the codebase is processed for summarization without sanitization of potential embedded instructions.
Audit Metadata