finish
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The skill executes `bun run pre-commit`, which runs whatever scripts the project's local configuration defines. This is standard for a development workflow, but it means the skill runs code chosen by the checked-out project rather than by the skill itself.
- [Indirect Prompt Injection] (LOW): The skill analyzes local Markdown files and git history to generate documentation and PR descriptions, so content under the repository's control reaches the model and creates a surface for indirect injection.
  - Ingestion points: Project `*.md` files, `git log` output, and `git diff` output are read and analyzed by subagents.
  - Boundary markers: No explicit delimiters are used when passing file content to subagents for analysis.
  - Capability inventory: Includes `git add`, `git commit`, `git push`, `gh pr create`, and `bun run pre-commit`.
  - Sanitization: The skill correctly uses quoted HEREDOCs (`cat <<'EOF'`) when executing `git commit` and `gh pr create`. Quoting the delimiter disables parameter expansion, command substitution and backtick substitution inside the body, so special characters in a generated commit message or PR body are passed to git and gh as literal text rather than interpreted by the shell.
- [Data Exposure & Exfiltration] (SAFE): The skill performs network operations (`git push`, `gh pr create`), but these are limited to the project's configured remote repository and are consistent with the skill's primary purpose.
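As an added illustration of the Sanitization finding above (example code written for this page, not the audited skill's own), the following script renders the same constructed commit message through an unquoted and a quoted heredoc and previews the argv that the `git commit -m "$(cat <<'EOF' ... EOF)"` pattern hands to git. The function names and the sample message are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example, not code from the audited skill: shows what the quoted
# heredoc in the Sanitization finding actually buys, using a constructed
# commit message that contains shell metacharacters.

# Unquoted delimiter (<<EOF): the shell expands $(...) and backticks in the
# body before git ever sees the message, so generated text becomes code.
commit_msg_unquoted() {
  cat <<EOF
fix: handle $(printf 'SUBSTITUTED') in the template renderer
EOF
}

# Quoted delimiter (<<'EOF'): the body is passed through byte for byte;
# $(...) stays literal text in the commit message.
commit_msg_quoted() {
  cat <<'EOF'
fix: handle $(printf 'SUBSTITUTED') in the template renderer
EOF
}

# The pattern the audit describes, git commit -m "$(cat <<'EOF' ... EOF)",
# as a dry run: prints the argv git would receive, one element per line,
# instead of committing (assumed helper for this demo, not a git feature).
commit_argv_preview() {
  printf '%s\n' git commit -m "$(cat <<'EOF'
fix: handle $(printf 'SUBSTITUTED') in the template renderer
EOF
)"
}

# Exit status 0 when the message on stdin still contains unexpanded
# substitution syntax, i.e. the shell left the generated text alone.
message_is_literal() {
  grep -qF '$('
}

# Demo: show both renderings side by side.
printf 'unquoted: %s\n' "$(commit_msg_unquoted)"
printf 'quoted:   %s\n' "$(commit_msg_quoted)"
```

One caveat a reviewer should keep in mind: the quoted delimiter only protects the body between `<<'EOF'` and the terminator. A generated message line that is exactly `EOF` ends the heredoc early, and anything after it is parsed as shell again. Writing the message to a file with a non-shell file tool and committing with `git commit -F <file>` avoids shell parsing of the message entirely.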
Audit Metadata