council

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use 'shell' subagent types to perform CLI operations, git management, and log analysis. These commands are executed within the context of the platform's standard Task tool and are consistent with the skill's stated purpose of codebase management.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it is designed to ingest and act upon data gathered from an external codebase. That data is then used to prompt subagents that possess broad capabilities, including shell execution and code modification.
    • Ingestion points: the codebase survey and information-gathering steps described in SKILL.md.
    • Boundary markers: the instructions lack explicit delimiters or safety headers to prevent the agent from following instructions that may be embedded within the files being analyzed.
    • Capability inventory: the Task tool allows shell command execution and general-purpose code editing across the repository.
    • Sanitization: no process is defined to sanitize or validate the content extracted from the codebase before it influences subsequent agent or subagent actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 04:13 PM
Security Audit — agent-trust-hub — council