bootstrap

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes local scripts 'gather-git-state.sh' and 'copy-to-clipboard.sh' to automate context collection. These scripts use standard utilities and proper quoting.
  • [DATA_EXFILTRATION] (SAFE): Information is stored in local handoff files and copied to the system clipboard for the user. No network exfiltration to external domains was detected.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data.
      1. Ingestion points: git logs, session history, and workspace files.
      2. Boundary markers: Absent; untrusted data is not delimited in the generated prompt.
      3. Capability inventory: The agent can read arbitrary files via the clipboard script and write to the local handoff directory.
      4. Sanitization: Absent; the skill does not escape or validate repository content before inclusion in the bootstrap prompt.

Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:11 PM