docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection due to its ingestion of external, potentially untrusted data sources.
- Ingestion points: The skill reads output from 'git log' and the contents of existing project files (e.g., README.md, ARCHITECTURE.md).
- Boundary markers: The instructions do not define clear delimiters or use 'ignore embedded instructions' warnings when processing ingested text.
- Capability inventory: The skill has permissions to read and write to the local filesystem and execute 'git' commands.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from external sources before it is processed by the agent.
Audit Metadata