bf-resume
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using `git` and `yq` by interpolating identifiers (such as `TICKET`, `EPIC`, and `STORY-ID`) retrieved from local project files. If these files contain shell metacharacters, it could lead to arbitrary command execution when the agent runs the maintenance scripts.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads untrusted data from `docs/sprint-status.yaml` and `docs/tech-specs/` to determine parameters for spawning new agent sessions.
  • Ingestion points: `docs/sprint-status.yaml` and `docs/tech-specs/{TICKET}-tech-spec.md`.
  • Boundary markers: No boundary markers or 'ignore' instructions are used when passing parsed content to the `orchestrate` task.
  • Capability inventory: The skill can execute shell commands, delete local files in `.ralph-progress/`, and initiate new AI agent tasks.
  • Sanitization: No validation or escaping is performed on the content parsed from external files before it is used in command strings or instructions.
- [EXTERNAL_DOWNLOADS]: The skill references the official GitHub repository for `yq` and the Homebrew package manager as sources for required dependencies. These are well-known and trusted resources for software development.
Audit Metadata