review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface (Category 8).
- Ingestion points: The agent reads project aims and status from session files in the .oh/ directory and evaluates user-provided code changes.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' directives to separate external content from the agent's core instructions.
- Capability inventory: The skill involves reading and writing to the local file system (specifically the .oh/ directory) and suggests executing git commands like stash and commit.
- Sanitization: No sanitization or validation logic is defined for the data ingested from session files or reviewed code repositories.
Audit Metadata