progress-show
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill performs routine local filesystem operations including searching for the project root, reading PROGRESS.md, and creating backup files during format upgrades.
- [COMMAND_EXECUTION]: The skill uses
gitto analyze commit history for automatic language detection (English/Chinese). This usage is restricted to local metadata and provides legitimate project-specific functionality. - [PROMPT_INJECTION]: The skill ingests untrusted content from the
PROGRESS.mdfile. 1. Ingestion points: ReadingPROGRESS.mdfrom the project root. 2. Boundary markers: Absent; there are no explicit delimiters to isolate the file content from agent instructions. 3. Capability inventory: Filesystem write access for initializing the progress file or performing upgrades. 4. Sanitization: Absent; content is extracted based on headers and displayed directly. While this represents an indirect prompt injection surface, the risk is negligible because the logic is focused on parsing specific sections for display rather than executing content.
Audit Metadata