explain
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (`git log`) using the `<file>` placeholder, which is derived directly from user-provided `$ARGUMENTS`. If the agent or platform does not strictly validate this input, an attacker could provide shell metacharacters (e.g., `; rm -rf /`) to execute arbitrary commands on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its primary function of reading and explaining code and git history. Malicious instructions embedded in the code being analyzed could hijack the agent's session.
  - Ingestion points: Source code files and git commit logs as specified in the `Code Explanation` and `Flow Explanation` sections of `SKILL.md`.
  - Boundary markers: Absent. The instructions do not direct the agent to treat the analyzed content as data only or to ignore instructions found within that data.
  - Capability inventory: The agent has access to the local file system and the ability to execute `git log` shell commands as defined in `SKILL.md`.
  - Sanitization: Absent. The skill does not define any validation or filtering for the content it processes before analysis.
Audit Metadata