rrr
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to gather context, including
git log,git diff, anddate. It also manages the local filesystem usingmkdirto create directory structures for retrospectives. - [COMMAND_EXECUTION]: The
--digmode executes a local Python script located at~/.claude/skills/dig/scripts/dig.py. This introduces a dependency on code residing outside the current skill's directory which cannot be verified within this scope. - [PROMPT_INJECTION]: The skill has a significant surface area for Indirect Prompt Injection (Category 8).
- Ingestion points: The agent reads git commit messages, code diffs, pulse metrics from JSON files, and historical session logs from
ψ/memory/logs/. - Boundary markers: Absent. There are no instructions to use delimiters or to disregard potential commands embedded within the git history or session logs.
- Capability inventory: The skill has the ability to write files to the local system, commit changes to the git repository, and invoke the
oracle_learntool to persist information in the agent's long-term memory. - Sanitization: No validation or sanitization is performed on the ingested git logs or session data before they are processed and incorporated into the final retrospective output.
Audit Metadata