gadd-close
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from local files such as `ledger.yml` and `verification.md`, which constitutes an indirect prompt injection surface. This is a low-risk surface associated with the skill's primary workflow.
  - Ingestion points: `ledger.yml`, `verification.md`, and `gadd/config.yml` (SKILL.md).
  - Boundary markers: None identified.
  - Capability inventory: Filesystem read/write operations for ledger management; network API calls to external trackers such as GitHub, Jira, and Linear (SKILL.md).
  - Sanitization: No explicit validation or sanitization of input file text is specified beyond checking status fields.
- [EXTERNAL_DOWNLOADS]: The skill communicates with well-known external project management services. All such network operations are restricted to status synchronization and require explicit human confirmation for any mutations, aligning with safe operational practices.
Audit Metadata