verification-gate
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/verification_context.py` executes local `git` commands (status, diff, rev-parse) to collect metadata. The implementation uses `subprocess.run` with argument lists and `shell=False`, which is a secure method that prevents shell injection.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it processes untrusted data from the git repository and interpolates it into the agent's instructions.
  - Ingestion points: `scripts/verification_context.py` gathers file names, branch names, and diff statistics from the local repository environment.
  - Boundary markers: Absent; the `references/prompt-template.md` uses a simple `<verification_context>` placeholder without delimiters or explicit instructions to treat the content as data only.
  - Capability inventory: The skill allows the agent to read repository metadata and perform a verification analysis.
  - Sanitization: No sanitization or validation is performed on the data retrieved from the git repository before it is passed to the language model.
Audit Metadata