docs
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the repository, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent's context through reading source files (index.ts, services.ts), evaluating git log output, and capturing stdout from CLI commands (via --help).
  - Boundary markers: The skill lacks explicit markers or instructions to differentiate between documentation content and potential adversarial instructions embedded in the parsed files or command outputs.
  - Capability inventory: The agent has permissions to read, edit, and create files in the working tree, and to perform git commit operations upon request.
  - Sanitization: No sanitization or validation logic is defined for the content extracted from external sources before it is utilized by the LLM.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to verify the current state of the repository.
  - Evidence: Instructions include running git log --oneline -20 and project binaries with the --help flag.
  - Context: These commands are used for context gathering and are subject to guardrails that prohibit history modification or network-push operations.
Audit Metadata