ai-brag-document

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard command-line tools to retrieve work history. Specifically, it uses git log and git rev-parse to analyze local repository activity, and the GitHub CLI (gh pr list) to fetch information about merged pull requests.
  • [DATA_EXPOSURE]: The skill reads project-related documents from a user-defined Obsidian vault (such as PRDs, tech specs, and implementation notes). This access is limited to professional documentation folders (/engineering/<project>/workplans) and is necessary for its primary function of grounding impact statements in factual context.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted external data such as git commit messages, PR titles, and documentation files which could contain embedded instructions. However, the risk is negligible as the agent uses this data to fill a structured impact-first template rather than executing instructions contained within the text.
  • Ingestion points: Reads metadata and content from git logs, GitHub PR entries, and local Markdown files within the Obsidian vault.
  • Boundary markers: The instructions do not define explicit delimiters for ingested data, but the task is constrained to a specific 'impact contract' format (Action → Result → Evidence).
  • Capability inventory: The skill has the capability to run shell commands (git, gh) and perform file system operations (Read, Write, Edit) on the local machine.
  • Sanitization: There is no specific sanitization of input data before it is formatted into the final brag document.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 02:44 PM
Security Audit — agent-trust-hub — ai-brag-document