chestertons-fence
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/investigate.py` executes local `git` commands via `subprocess.run` using argument lists, which is a secure pattern that prevents shell injection.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: `scripts/investigate.py` reads data from `git log` outputs and ADR files in `.agents/architecture/`.
  - Boundary markers: The generated report does not use specific delimiters to separate external content from instructions.
  - Capability inventory: Uses `subprocess.run` for git commands and `Path.read_text()` for file access.
  - Sanitization: Path traversal validation is present, but content from commit messages and files is not sanitized before inclusion in the final report.
- [SAFE]: The implementation includes a `validate_path_no_traversal` function that explicitly protects against directory traversal attacks (CWE-22) by ensuring target paths resolve within the current working directory.
Audit Metadata