check-history
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill uses coercive language (e.g., 'MANDATORY', 'FORBIDDEN', 'VIOLATING YOUR CORE DIRECTIVE') in SKILL.md to force the agent to use this tool instead of standard git commands. This is an attempt to override the agent's native decision-making and tool selection process.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from git history and diffs without boundary markers or sanitization. An attacker could embed instructions in a git commit message which the agent might follow during analysis. • Ingestion points: Git history via 'git log' and diffs via 'git diff' as specified in Step 1 and Step 3. • Boundary markers: Absent. Raw git output is processed without delimiters. • Capability inventory: Bash command execution for git commands (status, diff, log, show). • Sanitization: None. The agent is instructed to 'Analyze Current State' based directly on raw output.
Audit Metadata