script-kit-agent-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several build and development tools to manage the project lifecycle.
- Evidence includes the execution of
cargo check,cargo clippy,cargo test, and the project's own debug binary (./target/debug/script-kit-gpui). - The skill also uses
bunandnpx tsxfor running performance benchmarks and test scripts. - It performs autonomous git operations including
git pullandgit pushto synchronize changes with remote repositories. - [PROMPT_INJECTION]: There is an attack surface for indirect prompt injection as the agent reads and interprets application logs and temporary test outputs.
- Ingestion points: The agent reads logs from
~/.scriptkit/logs/script-kit-gpui.jsonland test runner output from/tmp/test-output.txtto verify successful execution. - Boundary markers: The instructions do not define specific delimiters or guidelines to help the agent distinguish between its own logic and instructions that might be embedded in the log data.
- Capability inventory: The agent possesses significant capabilities, including local command execution, code compilation, and repository write access.
- Sanitization: There is no evidence of sanitization or filtering applied to the logs or output files before the agent processes them.
Audit Metadata