lofi-gate-checkpoint
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data that could contain hidden instructions. • Ingestion points: The agent is directed to read git diff output (Step 1) and mission files such as implementation_plan.md or task.md (Step 2) into its context. • Boundary markers: No explicit delimiters or system instructions are provided to help the agent distinguish between the skill's instructions and the content of the files being analyzed. • Capability inventory: The skill possesses the capability to execute local scripts and git CLI commands. • Sanitization: There is no process for sanitizing or validating the contents of the files before they are evaluated for the checkpoint.
- [COMMAND_EXECUTION] (SAFE): The skill executes a local script (logger.py) included within its own directory structure. This is a standard and expected behavior for the skill's primary purpose of logging verification results and does not involve the execution of untrusted or remote code.
Audit Metadata