Skills
skills/codenamev/claude_memory/quality-update/Gen Agent Trust Hub

quality-update

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Ruby development commands (bundle exec rake, bundle exec rspec) and Git operations (git add, git commit). These commands are standard for the intended development workflow but provide a path for arbitrary command execution if the input data is manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it derives its implementation tasks from the docs/quality_review.md file.
  • Ingestion points: The file docs/quality_review.md is read at the start of the process to prioritize and select fixes.
  • Boundary markers: There are no explicit boundary markers or instructions to ignore potential commands embedded within the text of the review document.
  • Capability inventory: The agent possesses Edit, Write, and Bash capabilities, allowing it to modify the codebase and execute shell commands based on the instructions it reads.
  • Sanitization: No validation or sanitization is performed on the content of the review document before the agent acts upon it.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 10:06 AM