roadmap
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via Bash, specifically Git utilities (git log, git diff) and search tools (grep, tail, head), to analyze project history and state.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection by processing untrusted data from the project repository.
  - Ingestion points: Ingests data from git commit messages, repository documentation (docs/.md), and feature specifications (arkhe/specs//spec.md).
  - Boundary markers: Lacks explicit boundary markers or instructions to isolate the agent from commands embedded in the analyzed data.
  - Capability inventory: Possesses the capability to write to important project files and execute shell commands, which could be exploited through malicious inputs.
  - Sanitization: Does not implement sanitization or validation of external data before integration into the model's context or output files.
Audit Metadata