analyze
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of processing untrusted source code.\n
- Ingestion points: Uses Read, Glob, Grep, and Bash git subcommands to inspect local files and repository history (SKILL.md).\n
- Boundary markers: Lacks specific delimiters or instructions to ignore embedded commands within analyzed data.\n
- Capability inventory: Authorized to write documentation and analysis plans to the working/plans/ directory (SKILL.md).\n
- Sanitization: No sanitization or content validation is applied to the ingested data before synthesis into the final report.\n- [COMMAND_EXECUTION]: The skill utilizes restricted shell commands for repository reconnaissance.\n
- Evidence: Executes git:log, git:blame, and git:show via the Bash tool.\n
- Context: These commands are limited to read-only git operations which are essential for the skill's stated purpose of deep code analysis.
Audit Metadata