Skills
skills/bsene/skills/logging-daily-progress/Gen Agent Trust Hub

logging-daily-progress

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script scripts/collect_commits.sh and standard git commands (git config, git log, git branch) to gather user identity and commit history. These operations are restricted to the local environment and are consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the repository (git commit subjects and code diffs) to automatically draft 'Impact' and 'Learnings' sections. A malicious user with the ability to commit to the repository could craft commit messages containing instructions designed to override the agent's behavior during the summarization process.
  • Ingestion points: Commit subjects and code diffs retrieved via git log and processed in the workflow for drafting summaries.
  • Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent to ignore instructions embedded within the git data.
  • Capability inventory: The agent has the ability to execute shell scripts and write to files (progress-daily.md) within the repository.
  • Sanitization: No explicit sanitization or filtering of commit content is performed before the agent processes it for drafting.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 03:54 PM
Security Audit — agent-trust-hub — logging-daily-progress