distill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows established patterns for administrative work. It uses restricted shell commands (git and bd) to manage task state and move directories. No external network requests, credential access, or unauthorized code execution patterns were identified.
- [PROMPT_INJECTION]: The skill processes historical task data which may contain untrusted content from prior sessions.
- Ingestion points: Reads command output from
bd show <id> --jsonand files within theprojects/<project>/contexts/directory (SKILL.md). - Boundary markers: The skill does not implement specific boundary markers for history analysis, but it employs a human-in-the-loop validation step.
- Capability inventory: The skill has file system modification capabilities (
Write,Edit) and restricted shell access for git and task management tools (SKILL.md). - Sanitization: No explicit sanitization is used for the distilled content; however, all proposed updates to project documentation must be confirmed by the user before execution (Step 6 and Step 7), effectively mitigating the risk of automated poisoning.
Audit Metadata