project-continue
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [Command Execution] (SAFE): The skill utilizes Bash to execute standard Git commands such as git status, git log, and git branch. These operations are well-scoped to the primary purpose of identifying project state.
- [Indirect Prompt Injection] (LOW): The skill reads external project documentation and task trackers which could be used as a vector for instructions to influence the agent.
  - Ingestion points: Reads files from .claude/blueprints/prds/, docs/blueprint/feature-tracker.json, and .claude/blueprints/work-orders/.
  - Boundary markers: Absent. No instructions are provided to the agent to disregard embedded directives within these files.
  - Capability inventory: Read, Bash, Grep, Glob, Edit, Write.
  - Sanitization: Absent. Data is processed directly as project context.
Audit Metadata