scope-guard
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute standard localgitcommands, such asgit branch --show-currentandgit diff --name-only. These operations are limited to metadata extraction from the local environment and do not involve network connectivity or elevated permissions. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes environmental data (filenames) which could be controlled by an attacker. Ingestion points: File names returned by
git diff; Boundary markers: None provided in the command processing phase; Capability inventory: Access to theBashtool for repository management; Sanitization: No explicit sanitization of filenames is performed before categorization. The risk is mitigated by the assistant's narrow focus on file classification. - [SAFE]: Explicit safety guardrails are defined in the 'AI Assistant Instructions' section, specifically forbidding the AI from discarding files or resetting staged changes without a direct user decision. This 'human-in-the-loop' requirement effectively prevents accidental or malicious data loss.
Audit Metadata