divine-mobile-guide-creator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches source code from the divine-mobile repository on GitHub.
- Evidence: Uses
git clone --depth 1 https://github.com/divinevideo/divine-mobileinSKILL.mdto collect source material for the guide. - [COMMAND_EXECUTION]: Executes shell commands for build automation and version control within the local blog environment.
- Evidence: Employs
mktempfor workspace creation,jekyll buildfor site verification, andgit add/commit/pushto update the repository at/home/blog. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and summarizes content from an external repository.
- Ingestion points: Reads documentation and configuration files (e.g.,
README.md,docs/*.md,pubspec.yaml) from the cloneddivinevideo/divine-mobilerepository. - Boundary markers: There are no explicit markers or delimiters used to separate the ingested remote content from the agent's internal instructions.
- Capability inventory: The agent has the ability to write files to the blog directory, execute build commands, and perform network operations via
git push. - Sanitization: The skill contains proactive instructions to mask specific secrets like
CF_STREAM_TOKEN, which is a security best practice, but it lacks general validation or sanitization for arbitrary text found in the repo's documentation.
Audit Metadata