agent-merge
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified within the context merging workflow.\n
- Ingestion points: The skill scans and reads .agent-monad/ directories, including progress.jsonl, handoff.md, conventions.md, and intent.md, from various project paths, git worktrees, and branches.\n
- Boundary markers: The instructions lack explicit boundary markers or warnings to ignore instructions embedded within the data being merged.\n
- Capability inventory: The agent is instructed to read, parse, and write files, as well as execute validation commands (git, tests, lint).\n
- Sanitization: No sanitization or validation of the ingested markdown or JSONL content is performed before presentation to the agent.\n- [COMMAND_EXECUTION]: Instructs the agent to perform validation using shell commands.\n
- Evidence: Phase 4 explicitly guides the agent to check git status and run project-specific tests and linters to verify the integrity of the merged workspace.\n- [NO_CODE]: The skill consists entirely of natural language instructions and does not include executable scripts or binaries.
Audit Metadata