done
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the repository to generate summaries and determine storage locations.\n
- Ingestion points:
CLAUDE.md,CLAUDE.local.md,git diff, andgit log.\n - Boundary markers: Absent; the skill relies on the LLM to summarize content without explicit delimiters against embedded instructions.\n
- Capability inventory: Shell command execution (
git,mkdir) and local file system write access.\n - Sanitization: Branch names are sanitized (slashes replaced, length truncated), and the skill strictly enforces a 'never overwrite' policy for existing files.\n- Command Execution (SAFE): The use of
gitandmkdiris restricted to static, well-defined parameters intended for session documentation and does not involve piping remote content to a shell.
Audit Metadata