multi-repo
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its repository analysis features.
- Ingestion points: Operation 3 (Detect Breaking Changes) reads and parses content from external files like openapi.yaml, schemas, and source code exports to identify breaking changes.
- Boundary markers: The skill does not define delimiters or provide instructions for the agent to ignore potentially malicious instructions embedded within the analyzed files.
- Capability inventory: The skill possesses significant capabilities, including local file system access (~/.amplihack/), git repository management (cloning and worktrees), and pull request manipulation via the GitHub CLI (gh).
- Sanitization: The skill lacks mechanisms to sanitize or validate content retrieved from external repositories before it is processed by the agent.
Audit Metadata