Skills
skills/rcy007/skills/replay/Gen Agent Trust Hub

replay

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external Git repositories.
  • Ingestion points: The skill utilizes git log, git show, git diff, and the Read tool to extract commit messages and file contents from repositories (found in SKILL.md Phase 1 and Phase 2).
  • Boundary markers: The instructions do not define clear delimiters or include 'ignore embedded instructions' warnings when the narrator persona processes the retrieved repository data.
  • Capability inventory: The skill has access to the Agent tool for spawning subagents, the Read tool, and several git subcommands via Bash.
  • Sanitization: No sanitization or validation is performed on the data fetched from the repository before it is presented to the narration logic.
  • [COMMAND_EXECUTION]: The skill executes multiple Git subcommands through the shell environment.
  • The allowed-tools configuration permits the use of git log, git show, git diff, git rev-list, and git shortlog with wildcard arguments, which relies on the safety of the Git binary and the absence of shell injection vulnerabilities when handling repository data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 06:56 AM