gadd-next
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs read-only operations on repository-local files and external tracker metadata to determine the next action in a GADD workflow.
- [SAFE]: Network activity is restricted to checking official external tracker states (e.g., GitHub pull requests) which is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes external data (PR bodies and local ledger files) which constitutes an indirect prompt injection surface. However, this is inherent to the skill's function of status reporting.
- Ingestion points:
gadd/work-items/**/ledger.yml,gadd/work-items/_drafts/, and external tracker sync bodies. - Boundary markers: Absent.
- Capability inventory: File system read access and network read access (via external tracker tools).
- Sanitization: Absent.
Audit Metadata