portfolio-artifact
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes local shell commands (git, jq, gh) to aggregate development metrics. This behavior is consistent with the skill's primary purpose and does not involve downloading or executing remote code. Access to the ~/.claude/ directory is required for inter-skill communication with cost-metering-skill.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from git commit logs and diffs without sanitization or boundary markers.
- Ingestion points: git log, git diff, and the GitHub CLI output.
- Boundary markers: Absent. The scripts and templates do not use delimiters or instructions to ignore embedded commands within the git history.
- Capability inventory: The agent can read and write files (cat, echo >>) and execute shell commands.
- Sanitization: None. The metrics extraction relies on simple string matching (grep) or line counts, and the reporting templates pass content directly to the LLM context.
Audit Metadata