ce-dogfood
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to manage the git environment, analyze PRs, and run tests.
  - It resolves the repository's trunk branch and executes `git diff` to identify changes.
  - It utilizes the GitHub CLI (`gh`) to view PR information and check out specific branches or PRs.
  - It invokes browser automation via the `agent-browser` CLI to interact with the application.
- [COMMAND_EXECUTION]: The skill automatically initiates project-specific development processes.
  - It identifies and starts the development server (e.g., `bin/dev`, `npm run dev`) without human intervention to facilitate testing.
  - It includes an autonomous 'Fix Loop' that can modify application code and commit changes back to the repository using `git commit` via the `ce-commit` skill.
- [DATA_EXFILTRATION]: The skill reads high-value project documentation to establish testing context.
  - It accesses files such as `STRATEGY.md`, `VISION.md`, and `PERSONAS.md` to align test cases with product goals.
  - It retrieves PR metadata and diffs from GitHub, which may contain sensitive intellectual property.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data as part of its core logic.
  - Ingestion points: Processes PR diffs, branch content, and live web page content from the development server. These sources are identified in the file `SKILL.md` under Phase 1 and Phase 4.
  - Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands within the analyzed code or web content.
  - Capability inventory: Possesses significant capabilities including shell execution, file system writes, and the ability to commit code changes.
  - Sanitization: No evidence of sanitization or filtering of the content retrieved from diffs or browser interactions before it is processed by the model.