source-command-track-mentions
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes data from external, untrusted sources which could contain malicious instructions.\n
- Ingestion points: Untrusted data enters the agent context via Perplexity search results, WebSearch queries, and WebFetch operations on candidate URLs as defined in Step 2.\n
- Boundary markers: There are no explicit instructions or delimiters used to isolate the external content or warn the agent to ignore any embedded instructions within the fetched text.\n
- Capability inventory: The skill has the capability to write to local files (
docs/media-mentions/mentions.yaml) and execute shell commands viagitas described in Steps 5 and 8.\n - Sanitization: The skill does not implement explicit sanitization of the fetched data; it relies on the model to infer fields like platform and date from the retrieved snippets.\n- [COMMAND_EXECUTION]: The skill executes local git commands to persist updates to the mentions tracker.\n
- Evidence: Step 8 includes a bash block to run
git addandgit committo save the changes made to the documentation directory.
Audit Metadata