show-me-your-work
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local shell script (
scripts/log.sh) for logging. The script implements defensive measures by sanitizing inputs and escaping characters that could be interpreted as formulas in spreadsheet applications, mitigating potential CSV injection. - [DATA_EXPOSURE]: The instructions guide the agent to review its own transcripts for auditing but strictly prohibit accessing files outside the active project context, protecting user privacy.
- [PROMPT_INJECTION]: A cross-model review pattern is described which involves a secondary agent reading log data. While this is an ingestion point for potentially untrusted data, the risk of indirect prompt injection is addressed through input sanitization and a structured data format.
Audit Metadata