ce-dogfood-beta
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local CLI tools including 'git' for branch management and diffing, 'gh' for pull request operations, and 'agent-browser' for automated browser testing. It also manages the lifecycle of a local development server by executing project-specific start commands found in the repository configuration.
- [PROMPT_INJECTION]: The skill has an Indirect Prompt Injection surface because it processes untrusted data from the repository to guide its autonomous actions.
  - Ingestion points: Reads project documentation such as 'STRATEGY.md', 'VISION.md', and 'PERSONAS.md', as well as git diffs and browser snapshots from the branch under test.
  - Boundary markers: The instructions do not specify any delimiters or ignore-instructions warnings when reading these external files.
  - Capability inventory: The skill can perform autonomous code modifications ('auto-fixes'), commit changes to the repository, and execute shell commands.
  - Sanitization: There is no evidence of sanitization or escaping of the ingested content before it is used to influence the agent's logic for fixing bugs or generating reports.
- [DATA_EXFILTRATION]: The skill accesses local '.env' files to determine the 'PORT' configuration for the development server. While this involves reading potentially sensitive files, the access is restricted to identifying port numbers for local service connectivity.
Audit Metadata