roast
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform repository structure surveys and metadata analysis using commands like ls, wc, du, and git operations. This usage is limited to read-only exploration and is governed by a mandatory security check.- [PROMPT_INJECTION]: The skill ingests untrusted content from the repository for analysis, which presents a surface for indirect prompt injection. 1. Ingestion points: Repository file contents are accessed via the Read, Glob, and Grep tools during the context gathering and validation phases. 2. Boundary markers: The skill does not explicitly use delimiters or specialized instructions to isolate the ingested file content from the sub-agents' primary instructions. 3. Capability inventory: The skill has the ability to read filesystem data, execute restricted Bash commands, and spawn additional agents using the Task tool. 4. Sanitization: No sanitization or escaping of the ingested file content is performed before it is processed by the persona agents.
Audit Metadata