changelog
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected. * Ingestion points: The skill reads commit messages using git log and git show (SKILL.md). * Boundary markers: There are no instructions to treat commit data as untrusted or to use delimiters to prevent the agent from obeying instructions embedded in the repository history. * Capability inventory: The skill has the ability to write HTML files to the local directory and execute shell commands including git and open. * Sanitization: Commit messages are distilled into a summary without explicit sanitization or validation steps.
- [COMMAND_EXECUTION]: Local shell command execution for repository interaction and display. * Evidence: The skill executes git, wc, awk, and open commands to retrieve logs, calculate statistics, and display the generated HTML file. These operations are aligned with the skill's primary purpose.
Audit Metadata