start
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the command
git log -3 --oneline --format="%h %s (%ar)"to retrieve recent activity. This is a local, read-only operation intended for project context. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its data ingestion patterns.
- Ingestion points: The agent ingests commit messages from the git history and file paths discovered via glob scanning (
ruoyi-modules/ruoyi-*/src/main/java/**/controller/*Controller.java). - Boundary markers: No explicit delimiters or instructions are used to separate untrusted git logs or file paths from the core instructions, potentially allowing a malicious actor with commit access to influence agent behavior.
- Capability inventory: The skill performs file system scanning and local shell command execution.
- Sanitization: There is no evidence of sanitization or filtering applied to the retrieved commit messages or file names before they are presented to the agent's context.
Audit Metadata