session-support
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection due to its core workflow of reading and summarizing project documentation that may contain untrusted content. • Ingestion points:
CONTEXT.md,ROADMAP.md, and Git logs/status. • Boundary markers: Absent (no clear delimiters or 'ignore' instructions for processed content). • Capability inventory: Git operations, file writes todocs/, and execution of external tools likeGemini CLI. • Sanitization: None identified in the provided skill definitions. - [COMMAND_EXECUTION] (LOW): The skill metadata and documentation describe the use of shell commands and external CLI tools. While these are used for development purposes (setup, linting, and AI-assisted review), they constitute a capability surface that could be leveraged if the agent is misled by malicious content in ingested files.
Audit Metadata