skills/leesama/skills/report/Gen Agent Trust Hub

report

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE

COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git commands using the spawnSync method in scripts/weekly.js and src/weekly.ts to retrieve commit logs, project metadata, and user configuration. This is a primary function of the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It gathers Git commit messages and sends them to an LLM to be 'optimized' into a reporting format based on instructions in resources/prompt.txt. An attacker who can commit to a repository scanned by this skill could embed instructions to manipulate the report's content or the agent's behavior.
      ◦ Ingestion points: Git commit messages are retrieved from local repositories in scripts/weekly.js.
      ◦ Boundary markers: Absent. The LLM prompt in resources/prompt.txt does not use delimiters or specific safety instructions to distinguish between the report generation logic and the untrusted commit data.
      ◦ Capability inventory: The skill executes local Git commands and writes output to .json and .docx files on the local filesystem via scripts/weekly.js and scripts/weekly_render.js.
      ◦ Sanitization: Absent. Commit messages are passed to the LLM without escaping or filtering.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 02:53 PM