lesson-learned

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from git logs and diffs (commit messages and source code) without using boundary markers.
      • Ingestion points: git log and git diff outputs are read into the agent context in Phase 2 of SKILL.md.
      • Boundary markers: Absent. There are no instructions to the agent to treat the git output as data only or to ignore instructions embedded within commit messages.
      • Capability inventory: The skill utilizes the git CLI to read repository history and file contents.
      • Sanitization: Absent. Git output is processed directly without filtering.
  • [COMMAND_EXECUTION]: The skill instructions generate shell commands using parameters provided by the user, which could be exploited if inputs are not properly sanitized by the execution environment.
      • Evidence: SKILL.md (Phase 1) specifies the use of user-provided commit SHAs and numeric counts in commands such as git show <sha> and git log --oneline -N.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 01:53 AM