product-improvement-proposal
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted data from the repository.
- Ingestion points: Reads various repository files including `README.md`, configuration files (`package.json`, `Cargo.toml`), source code in `src/`, and command output from `git log`.
- Boundary markers: Absent. The skill instructions do not specify the use of delimiters (like XML tags) to isolate ingested file content from the system prompt.
- Capability inventory: None. The skill explicitly restricts itself to ideation and planning; it contains no network calls, file-write operations, or dynamic code execution capabilities.
- Sanitization: Absent. There is no explicit logic to filter or escape instructions embedded within the repo files.
- [Command Execution] (SAFE): The skill executes `git log --oneline -10` and `git status --porcelain`. These are standard, read-only commands used for context gathering and do not pose a security risk in this context.
Audit Metadata