pcp-intake
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes system commands to retrieve metadata about the project environment, specifically executing `git rev-parse --short HEAD` to determine the current commit identifier during the snapshot process.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection risk (Category 8) because it ingests and processes content from project files that could be modified by third parties.
  * Ingestion points: The skill reads a variety of files from the working directory, including `README.md`, `CLAUDE.md`, `.cursor/rules`, and CI/CD configurations.
  * Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore potentially malicious embedded commands within these files.
  * Capability inventory: The agent has the ability to read files, execute local git commands, and invoke the `pcp_init` tool with summarized project data.
  * Sanitization: The skill does not implement any validation or sanitization of the content extracted from the repository files before summarizing it for the user or passing it to the initialization tool.
Audit Metadata