finishing-branch
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local development commands including git, gh, and language-specific test runners like npm or cargo. These are used for their intended purpose of validating and integrating code.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in Step 6, where it reads .planning/findings.md. 1. Ingestion points: Reads content from .planning/findings.md. 2. Boundary markers: Does not define delimiters to separate untrusted content from instructions. 3. Capability inventory: The agent can execute shell commands and modify persistent memory files. 4. Sanitization: The skill does not validate or sanitize the content of the findings file before processing.
Audit Metadata