finalize
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates version control tasks using Git (git add, git diff, git status, git push) and GitHub CLI (gh pr view) to manage the repository state.
- [COMMAND_EXECUTION]: Invokes project-specific test suites and linters/formatters, which involves executing code and scripts defined within the local project environment.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because the skill processes untrusted code and test outputs from the repository.
  - Ingestion points: Reads file content and diffs via git diff, grep, and file system searches in Phase 1 and Phase 3.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious directions embedded in the source code it processes.
  - Capability inventory: Possesses capabilities to modify the local file system (git add), execute shell commands (tests/lints), and push changes to remote repositories (git push).
  - Sanitization: Implements a specific safety rule to identify and warn against staging sensitive files like .env, credentials, or API keys, which mitigates accidental data exposure.
Audit Metadata