skills/juliusbrussee/cavekit/revision/Gen Agent Trust Hub

revision

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes git commands such as git log and project-specific tools like iteration-loop and {TEST_COMMAND} for analyzing development history and verifying fixes. These are standard operations for development automation and testing environments.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes external data (git commit messages) and uses it to update prompts and requirements.
      1. Ingestion points: Data enters via git logs and manual fix analysis in SKILL.md.
      2. Boundary markers: No explicit delimiters or instructions are provided to isolate potential instructions within commit data.
      3. Capability inventory: The agent has the ability to write to requirements/prompt files and execute system commands.
      4. Sanitization: No validation or escaping of the ingested text is described before it is used to modify the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 09:28 PM