fix
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git rev-parse --show-toplevelto programmatically identify the project's root directory. This is a legitimate and safe operation used to determine the correct location for the backlog file.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests user-provided text as task descriptions and stores them inbacklog.md, which the agent later reads. This behavior is consistent with the skill's primary purpose and is classified as safe.\n - Ingestion points: User input through the
/fixcommand arguments and existing markdown content inbacklog.md.\n - Boundary markers: None present; input is directly interpolated into markdown list items.\n
- Capability inventory: Reads and writes to the local
backlog.mdfile and executes basic Git commands for path resolution.\n - Sanitization: No explicit sanitization or escaping of the description text was found before it is written to the file.\n- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network operations were detected. The skill's external reference to the author's repository is documented as a trusted vendor resource.
Audit Metadata