Skills
skills/yonatangross/orchestkit/checkpoint-resume/Gen Agent Trust Hub

checkpoint-resume

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from the local filesystem and git environment, which could be used to influence the agent's execution plan.
  • Ingestion points: .claude/pipeline-state.json (read by the agent and scripts/show-status.sh) and git branch names (read by scripts/init-pipeline.sh).
  • Boundary markers: Absent. The instructions for reading the state file do not specify the use of delimiters or 'ignore embedded instructions' warnings for the JSON content.
  • Capability inventory: The skill allows the agent to execute git commits (git commit), modify the filesystem, and interact with the GitHub CLI (gh issue create).
  • Sanitization: No explicit sanitization or validation of the branch names or state file entries is performed before the agent interprets them.
  • Command Execution (SAFE): The provided bash scripts (scripts/init-pipeline.sh and scripts/show-status.sh) perform standard operations using git and jq. The logic is transparent, non-obfuscated, and restricted to local repository management.
  • Data Exposure (SAFE): Progress is tracked in a local directory (.claude/). No evidence of credential hardcoding or external data exfiltration was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 02:49 PM