changelist-mgmt

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands, specifically 'git status', to gather information about the current state of the repository as part of its changelist management workflow.
  • [PROMPT_INJECTION]: The skill processes file names and paths obtained from the environment, which constitutes an indirect prompt injection surface.
      * Ingestion points: Data is read from the local file system through git commands (see SKILL.md and references/changelist-workflows.md).
      * Boundary markers: The instructions do not define delimiters or markers to isolate file system data from agent instructions.
      * Capability inventory: The skill can modify .idea/workspace.xml and execute shell commands based on its findings.
      * Sanitization: There is no specified mechanism for sanitizing file names before they are incorporated into agent-generated content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:40 AM