status
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies and processes data from external, potentially untrusted sources such as version control logs, pull request titles/bodies, and issue tracker descriptions. This creates a surface for indirect prompt injection if an attacker embeds malicious instructions in those fields.
- Ingestion points: VCS (git logs), Code Review platforms (PR/MR titles and bodies), Issue trackers (Linear/Jira descriptions), and CI/CD logs.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when presenting gathered data.
- Capability inventory: The skill utilizes shell access, executes VCS tools (git, gt, jj), and interacts with platform APIs (GitHub, GitLab, Linear).
- Sanitization: The instructions do not specify any sanitization, escaping, or validation of the content retrieved from external systems.
- [Command Execution] (LOW): The skill relies on executing local scripts (
./scripts/sitrep.ts) and external CLI tools (git,gh,glab) to gather data. While these are necessary for the skill's primary function, they require shell access and assume a level of trust in the local environment and the installed toolchain.
Audit Metadata