plan
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill ingests data from external audit reports and handoff files to generate its output. 1. Ingestion points: Reads audit files from .agents/research/ and .workflow-audit/ in SKILL.md. 2. Boundary markers: Absent; the skill does not explicitly instruct the model to ignore embedded instructions within ingested files. 3. Capability inventory: File system operations (Glob, Grep, Read, Write) and user interaction. 4. Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill performs git operations (status and commit) to ensure a clean working directory before proceeding. These actions are triggered after user confirmation. Evidence: git status and git commit logic in SKILL.md.
Audit Metadata