project-distill

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute local git and just commands. This is intended for analyzing the repository state and managing task recipes, though it allows for arbitrary command execution within the scope of the just task runner.
    • Evidence: The allowed-tools section permits Bash(git diff *), Bash(git log *), Bash(git status *), and Bash(just *).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests data from external tool outputs to influence its reasoning and file-writing actions.
    • Ingestion points: Untrusted data enters the agent's context through git log outputs and the current conversation history (Step 1).
    • Boundary markers: The instructions do not define boundary markers or clear 'ignore' warnings to prevent the agent from obeying instructions embedded in the logs or history.
    • Capability inventory: The skill has Write and Edit permissions for project files (rules, skills, justfiles) and can execute shell commands through the just utility.
    • Sanitization: There is no evidence of sanitization or schema validation for the 'insights' extracted from session history before they are used to update persistent project artifacts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:39 PM