trellis-continue

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts (./.trellis/scripts/get_context.py) to manage workflow state and fetch task context. This behavior is standard for the skill's stated purpose but creates a dependency on the integrity of scripts located within the .trellis directory.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests untrusted data from the local environment and provides it to the agent.
      • Ingestion points: Reads project-specific files like prd.md, .trellis/workflow.md, and git commit history via script execution.
      • Boundary markers: Absent. The instructions do not define delimiters or warnings to treat the loaded file content as untrusted data.
      • Capability inventory: Shell command execution capability via python3 subprocess calls.
      • Sanitization: Absent. The skill instructions do not specify any validation or sanitization of the content retrieved from local project files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:18 AM