req-change-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to its core functionality of reading and modifying external project code.
  (1) Ingestion points: File reading in Step 2 of SKILL.md and keyword searching via ripgrep in scripts/impact_scan.sh.
  (2) Boundary markers: Absent. No specific delimiters or safety warnings are used when the agent processes project code, although Step 4 of SKILL.md enforces a human approval gate.
  (3) Capability inventory: Step 5 of SKILL.md instructs the agent to implement code changes (file writes) to the local project.
  (4) Sanitization: Absent. The skill does not perform any sanitization of the code being read.
- COMMAND_EXECUTION (SAFE): The script scripts/impact_scan.sh executes the ripgrep (rg) command. This is used strictly for local file searching and adheres to standard development practices without exposing unsafe execution paths.
Audit Metadata