lev-align
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external sources that can be influenced by third parties. * Ingestion points: Reads project documentation (README.md, docs/), architectural decision records (ADRs), and dynamic repository data (git log, bd list issue tracker). * Boundary markers: There are no explicit markers or instructions to the LLM to ignore embedded commands within the ingested text. * Capability inventory: The agent has the ability to execute repository commands (git, bd) and perform file-write operations to update documentation. * Sanitization: No specific sanitization, validation, or escaping of the ingested data is specified before it is processed by the AI.
- [COMMAND_EXECUTION]: Utilizes system commands like git log and bd list to retrieve project state information. These are standard operations for codebase analysis and are used within the local environment.
Audit Metadata