project-distill
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell discovery at load time using the dynamic context injection syntax. Evidence:
!findcommands inSKILL.mdidentify project structure. These are local, non-interactive discovery operations. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes historical conversation data and project files. Ingestion points:
SKILL.md(via conversation history review), project rules, and skill files. Boundary markers: Absent. Capability inventory:WriteandEdittools,gitandjustcommands. Sanitization: Absent. The risk is mitigated by a required user confirmation step (AskUserQuestion) before any modifications are applied.
Audit Metadata