skills/tkersey/dotfiles/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to identify and execute local task runners (e.g., just, make, npm, pytest) based on the presence of configuration files like 'Makefile', 'package.json', or 'justfile'. This is the primary mechanism for the 'Close the loop' validation step.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it executes commands discovered within untrusted local repository files.
    • Ingestion points: The agent reads 'justfile', 'Makefile', 'Taskfile.yml', 'package.json', and lockfiles from the local repository to determine execution commands.
    • Boundary markers: None present; the instructions direct the agent to run the discovered commands directly without delimiters or specific safety overrides for the command content.
    • Capability inventory: The skill uses 'subprocess.run' (via the provided Python script) and agent-level command execution to run 'git' and arbitrary test/lint commands.
    • Sanitization: There is no explicit sanitization or validation of the strings found in the project configuration files before they are passed to the shell/task runner.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 11:45 AM