review
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection due to its core functionality.
- Ingestion points: Untrusted data is ingested via
git diff,git log, and external PRD files. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat repository content as untrusted or separate from its own logic.
- Capability inventory: The skill can read repository state and update a local file (
tasks/memory.md), but lacks network access or arbitrary code execution. - Sanitization: No sanitization or escaping of the diff content is performed prior to analysis.
Audit Metadata