garfield
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run validation commands including tests, type checks, linters, builds, and schema checks as part of its implementation hardening loop. This is consistent with its primary purpose as a development assistant.
- [DATA_EXPOSURE]: The skill reads data from the repository under review, specifically focusing on code diffs, specifications, documentation, and repository-local policy files located in
policies/**/*.md. Access is restricted to the current project context. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from the repository (e.g., code changes and user-defined policies) and passes it to subagents.
- Ingestion points: Repository files, diffs, and local policy documents (
policies/**/*.md). - Boundary markers: The skill uses markdown blocks and clear labels (e.g.,
<policy text>,<request>) to delimit untrusted content in subagent prompts. - Capability inventory: The agent can write to files (fix accepted concerns) and execute shell commands for validation (tests, linters).
- Sanitization: The main agent acts as a coordinator, explicitly instructed to judge subagent findings for validity and reject weak or out-of-intent suggestions, providing a human-like review layer between untrusted input and action.
Audit Metadata