catchup
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
git pull,git log, andgh pr listto manage the codebase and retrieve historical data. These operations are consistent with the skill's stated purpose of providing updates on repository changes. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from commit messages and pull request descriptions without sanitization or explicit boundary markers.
- Ingestion points: External data enters the agent context via the output of
git logandgh pr listas described in Step 3 of SKILL.md. - Boundary markers: The skill does not define clear delimiters (e.g., XML tags or specific block quotes) or provide instructions to the agent to ignore any embedded commands within the commit/PR text.
- Capability inventory: The skill possesses the capability to execute shell commands (
git,gh) and write to the output. - Sanitization: There is no evidence of data validation, escaping, or filtering applied to the retrieved git history before it is processed by the agent for summarization.
Audit Metadata