config-sync
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes common CLI tools including `git`, `gh`, `fd`, `rg`, and `shasum` to manage repositories and analyze file content. These operations are aligned with the skill's stated purpose of config synchronization.
- [DYNAMIC_CONTEXT_INJECTION]: Employs dynamic context placeholders (`!fd ...` and `!pwd`) within the `SKILL.md` file to gather information about the local environment and repository structure upon skill activation. The commands used are benign environment-gathering operations.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies and processes data from external files, which represents a surface for indirect prompt injection.
  - Ingestion points: Reads configuration files (GitHub workflows, Dockerfiles, justfiles) from repositories within the `/Users/lgates/repos/ForumViriumHelsinki` path.
  - Boundary markers: No specific delimiters or boundary instructions are defined to separate the content of these files from the agent's internal logic.
  - Capability inventory: The skill is authorized to use tools for writing files, creating Git branches, pushing code, and opening Pull Requests via the `gh` tool.
  - Sanitization: The skill does not implement specific sanitization or integrity checks on the content of the configuration files beyond hashing for comparison purposes.
Audit Metadata