experiment-tracker

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because its core function is processing untrusted data from the execution environment.
    • Ingestion points: Reads project files via file operations and system/application logs using bash.
    • Boundary markers: Absent. There are no instructions to the agent on how to distinguish between data and instructions within the ingested content.
    • Capability inventory: The skill utilizes bash for command execution, git for repository management, and comprehensive file system read/write operations.
    • Sanitization: Absent. No mention of filtering, escaping, or validating the content of logs or project files before processing.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to use powerful system tools, specifically bash and file operations, which allow for arbitrary command execution and file system manipulation within the user's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 02:51 PM