begin
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill's instructions and allowed tools were reviewed. No patterns of prompt injection, obfuscation, persistence, or malicious data exfiltration were found.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes git commands (
git status,git pull,git checkout) which are necessary for the primary purpose of workspace management. The commands are limited to local repository operations. - [Indirect Prompt Injection] (SAFE): The skill processes user-provided task descriptions to generate branch names.
- Ingestion points: User-provided string in
argument-hint"[what you'll work on]". - Boundary markers: None explicitly defined in the shell command templates.
- Capability inventory: Shell execution via
Bash(git checkout *). - Sanitization: The skill explicitly instructs the model to convert input into a strict kebab-case format (e.g.,
feat/add-dark-mode), which effectively sanitizes the input and prevents shell metacharacter injection if followed by the agent.
Audit Metadata