refactor-archeology
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run standard git commands like git blame and git log to analyze repository history. These are routine operations for the stated purpose of code archaeology.
- [DATA_EXPOSURE]: The skill accesses local git metadata, commit messages, and source code comments. This is restricted to local repository data and no network exfiltration patterns were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data such as commit messages and pull request descriptions, which could theoretically contain malicious instructions.
  - Ingestion points: Git commit messages, PR descriptions, and code comments are read from the local repository (SKILL.md).
  - Boundary markers: Not explicitly defined in the instructions.
  - Capability inventory: Limited to read-only git operations and text analysis; no file-write, network, or arbitrary code execution capabilities are defined in the skill itself.
  - Sanitization: Not explicitly defined, though the risk is low as the output is a research report.
Audit Metadata