garden
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from project documentation and source code to identify maintenance tasks. \n
- Ingestion points: In Step 2 (Scan), the skill reads project documentation, cross-references it with code, and builds a list of findings from the codebase.\n
- Boundary markers: The instructions do not specify any delimiters or safety markers to separate the scanned project content from the agent's own internal logic or instructions.\n
- Capability inventory: The skill is capable of executing shell commands (git worktree, git commit), modifying the project's source code, and opening pull requests against the main branch.\n
- Sanitization: There is no evidence of sanitization, validation, or filtering of the content being scanned to prevent it from manipulating the agent's subsequent fix or review phases.
Audit Metadata