wrap-up
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
git status,git diff, andnpmscripts (lint, typecheck, test). These are standard development operations used for their intended purpose of gathering session state and checking code quality. - [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill processes data from the local environment.
- Ingestion points: The skill reads file metadata through
git diffand stdout/stderr logs fromnpm run lint,npm run typecheck, andnpm test. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard content within the command outputs.
- Capability inventory: The skill possesses the ability to execute shell commands (
git,npm). - Sanitization: No sanitization or validation of the command outputs is performed before the data is processed by the agent.
Audit Metadata