Skills
skills/tjboudreaux/cc-plugin-perforce/tools-p4-changelist/Gen Agent Trust Hub

tools-p4-changelist

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Command Execution] (SAFE): The skill utilizes Perforce (p4) CLI commands to manage changelists, which is its primary purpose. These commands are standard for version control operations and do not show malicious intent.\n- [Prompt Injection] (LOW): Detected an indirect prompt injection surface (Category 8).\n
  • Ingestion points: The skill reads changelist descriptions and metadata using p4 describe and p4 changes (SKILL.md), which can contain user-controlled content.\n
  • Boundary markers: Absent. There are no delimiters to separate the external Perforce output from the agent's instructions.\n
  • Capability inventory: The skill employs shell commands like p4, sed, grep, and awk for processing and submission.\n
  • Sanitization: Absent. Data retrieved from Perforce is not sanitized before being incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 04:29 AM