church-anchor
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a custom command-line tool called
churchto manage project state. This includes loading repository context, viewing lifecycle anchors, updating a ledger with identified gaps, and advancing the phase status based on evaluation. These operations are restricted to project management tasks within the local repository environment. - [PROMPT_INJECTION]: The skill is designed to ingest and analyze external documentation such as roadmaps, architecture maps, and success requirements. While these artifacts represent a surface for indirect prompt injection, the skill's actions are confined to updating project metadata and lifecycle status through a specialized CLI tool, presenting no significant risk of exploitation or system compromise.
- Ingestion points: Repository context and external 'Bible' artifacts are loaded into the agent's context in SKILL.md.
- Boundary markers: None specified.
- Capability inventory: Modifies project state via
church ledgerandchurch lifecyclecommands. - Sanitization: None identified.
Audit Metadata