governance
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its automated 'learning' and 'ingestion' features.
  - Ingestion points: The skill ingests untrusted data from git commit logs (in `recipes/auto-learning-loop.ts`) and local document folders (in `recipes/document-ingestion.ts`).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are used when interpolating external content into LLM prompts for analysis.
  - Capability inventory: The skill can create and update organizational guidelines (`guideline_create`, `guideline_update`), which serve as the primary instruction set for all AI agents in the organization via the `smartGuidelines` feature.
  - Sanitization: No explicit sanitization or filtering of the ingested content is performed before processing.
- [COMMAND_EXECUTION]: The skill executes local system commands (`git log`) to extract information.
  - Evidence: In `recipes/auto-learning-loop.ts`, `spawnSync` is used to call the `git` binary. The call is implemented safely using an arguments array to prevent shell injection.
Audit Metadata