baseline-restorer
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from git logs and file diffs without isolation.
- Ingestion points: Data enters through git show, git diff, and file reading.
- Boundary markers: Absent; no delimiters are defined to separate code content from instructions.
- Capability inventory: Access to Bash and Edit tools allows for potential system impact if the agent is misled.
- Sanitization: Absent; no filtering is applied to ingested repository data.
Audit Metadata