production-ready
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the `Bash` tool to perform system-level operations. Evidence includes running `git status`, `git add`, `git commit`, `git push`, and `php artisan test`. These operations are standard for development workflows but grant the agent significant control over the local environment and remote repositories.
- [PROMPT_INJECTION]: This skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The agent uses `Read`, `Glob`, and `Grep` to scan all files within a project directory, including routes, controllers, and configuration files.
  - Boundary markers: There are no instructions provided to the agent to treat external codebase content as untrusted or to ignore embedded instructions within comments or documentation.
  - Capability inventory: The agent has the ability to modify files (`Write`, `Edit`), execute arbitrary shell commands (`Bash`), and interact with web browsers (Playwright).
  - Sanitization: There is no evidence of sanitization or validation of the content read from the codebase before it is processed or used to influence subsequent tasks.
- [DATA_EXFILTRATION]: The skill encourages frequent use of `git push` after performing a `git add -A`. While standard for developers, this behavior risks exfiltrating sensitive data (such as API keys or environment variables) to remote repositories if the user has not properly configured `.gitignore` or if the agent captures secrets during its 'Comprehensive Codebase Analysis' phase.
Audit Metadata