inquisitor
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes dynamic test scripts (up to 25 tests) based on AI analysis of a git diff to verify system behavior.
- [COMMAND_EXECUTION]: An automated 'Fixer' subagent is empowered to modify production source code files based on test failures.
- [COMMAND_EXECUTION]: The skill relies on executing local system commands such as
git diffandgit merge-baseto determine the feature scope. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted code diffs as primary input for its subagents (Inquisitor and Fixer).
- Ingestion points: Git diff output processed in
SKILL.mdand passed toinquisitor-prompt.md. - Boundary markers: Absent. The
inquisitor-prompt.mdtemplate pastes the raw diff without protective delimiters or instructions to ignore embedded commands. - Capability inventory: Capability to write files and execute arbitrary tests as documented in
SKILL.mdStep 2 and Step 4. - Sanitization: No sanitization or escaping is performed on the diff content before it is processed by the LLM subagents.
Audit Metadata