update-work-item
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: Analysis of the skill instructions and scripts found no evidence of malicious intent, prompt injection, or obfuscation. The behavior is consistent with project management tasks.
- [COMMAND_EXECUTION]: The skill includes a utility script
scripts/normalize-related-commits.shthat usesgitcommands to process commit metadata. It safely validates commit hashes using a strict hexadecimal regex ([0-9A-Fa-f]{7,40}), ensuring that untrusted content from markdown files cannot lead to command injection. - [EXTERNAL_DOWNLOADS]: The documentation contains references to GitHub repositories (e.g.,
github.com/squirrel289/temple) for tracking progress and linking pull requests. These are documented for project context and do not represent insecure remote execution risks.
Audit Metadata