experiment
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands provided by the user as performance 'metrics'. This capability allows for the execution of complex shell pipelines within the agent's environment as part of its standard operation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it reads and modifies the contents of project files to propose improvements.
- Ingestion points: Files matching the user-defined
scopeglob pattern within the repository. - Boundary markers: Missing; the skill instructions do not specify any delimiters or safety markers to isolate the content of analyzed files from the agent's core instructions.
- Capability inventory: Execution of shell commands (metric evaluation), file system writes (reporting and telemetry), and git repository manipulation (stash, worktree creation, and merging).
- Sanitization: There is no evidence of sanitization or filtering of the file content before it is provided as context to the agent for the 'propose change' step.
Audit Metadata