bl-stack
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the use of local Git commands such as `git sl`, `git amend`, and `git rebase` to manage branchless stacks. This is standard behavior for version control tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes commit messages and repository states which are external, potentially untrusted inputs.
  - Ingestion points: Commit messages and stack status read from the repository via the `git sl` command.
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to prevent the agent from following instructions embedded in Git output.
  - Capability inventory: The agent can execute local shell commands through the Git CLI.
  - Sanitization: There is no mentioned process for sanitizing or validating repository data before it is interpreted by the agent.
- [NO_CODE]: The skill consists entirely of Markdown instructions and a Task definition, with no external scripts or executable code files included.
Audit Metadata