idea-validator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git shell commands (fetch, pull, stash, commit, push) to synchronize the ideas repository with a remote server.
- [COMMAND_EXECUTION]: The skill attempts to execute a local Python script `scripts/update_readme_ideas_index.py` if present in the repository root to refresh the project index.
- [DATA_EXFILTRATION]: The skill is designed to push idea descriptions and validation reports to a remote repository on GitHub (`github.com/luongnv89/ideas`). This involves transmitting user-provided content to an external service as part of its primary function.
- [PROMPT_INJECTION]: The skill processes untrusted user input to populate documentation templates, creating an attack surface for indirect prompt injection (Category 8).
- Ingestion points: Idea descriptions provided via `$ARGUMENTS` and user responses to clarification questions are interpolated into the `idea.md` file.
- Boundary markers: No explicit delimiters or safety instructions are used to separate user-provided content from the template structure.
- Capability inventory: The agent has the capability to write to the local file system, execute Git commands, and run local Python scripts.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the user input before it is written to markdown files.