replay
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by reconstructing its operational state from external data sources like manifest.jsonl and handoff-N-to-M.md. Content from these files, such as goals and decisions, is directly interpolated into a Compression State Block (CSB) that guides the agent's behavior.
  - Ingestion points: manifest.jsonl, handoff-N-to-M.md, and pipeline-status.md.
  - Boundary markers: Emits data within ===COMPRESSION_STATE=== markers.
  - Capability inventory: Executes git commands and performs filesystem read/write operations.
  - Sanitization: No evidence of sanitization or validation of the data ingested from the manifests or handoff files.
- [COMMAND_EXECUTION]: The skill executes several shell commands to manage state, specifically using git log, git branch, and git status. It also automates the restoration of the working directory from a shadow git repository based on checkpoint data.
Audit Metadata