trust-but-verify

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external data.
    • Ingestion points: The skill reads git diff output, gh pr view content, and project plans in docs/plans/ (Phase 1).
    • Boundary markers: The subagent prompts in analysis-prompt.md and report-prompt.md lack delimiters or instructions to treat external data as untrusted content.
    • Capability inventory: The skill possesses extensive capabilities, including executing shell commands (Bash), writing to the file system, and controlling a web browser via Playwright.
    • Sanitization: No input validation or sanitization is performed on the data ingested from the repository or GitHub before it influences agent actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 12:22 PM