moonshot
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its data immersion process.
- Ingestion points: As described in the Process section of SKILL.md, the agent reads the last 30 git commits and the project backlog (GitHub issues).
- Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the data being read, creating a risk that malicious commit messages could hijack the agent's logic.
- Capability inventory: The skill output is intended to be composed with high-privilege tools such as '/autopilot', potentially leading to automated execution of injected instructions.
- Sanitization: No validation or filtering is performed on the content retrieved from git history or the backlog.
Audit Metadata