Skills
skills/wednesday-solutions/ai-agent-skills/brownfield-chat/Gen Agent Trust Hub

brownfield-chat

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Bash permissions to run git log and git diff commands. These operations are restricted to standard repository history and difference queries, which are essential for its stated purpose of providing multi-file context and git history insights.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from external files (dep-graph.json, summaries.json, MASTER.md) that could potentially contain attacker-controlled content if the codebase analysis files are compromised.
  • Ingestion points: Data enters the context through Read calls to analysis files located in the .wednesday/codebase/ directory (SKILL.md).
  • Boundary markers: The instructions do not specify delimiters or instructions for the agent to ignore potentially malicious embedded content within the ingested files.
  • Capability inventory: The agent possesses Bash permissions for git commands and Read permissions for codebase analysis metadata (SKILL.md).
  • Sanitization: No sanitization or validation of the content within the JSON or Markdown analysis files is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:34 AM