decisions
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill requires the agent to read and edit documentation files (Ingestion points:
docs/decisions/and templates). It lacks boundary markers to separate external content from instructions. While capabilities are limited to file system modification and local git queries, malicious content within existing records or templates could influence the agent's reasoning during the documentation process. - [Command Execution] (LOW): The instructions direct the agent to execute
git log --format="%ai" <commit> -1to verify dates. This involves executing a shell command with a variable commit parameter, which constitutes a standard but exploitable command execution surface if the parameter originates from an untrusted source.
Audit Metadata