nano
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local shell scripts (e.g.,
find-artifact.sh,find-solution.sh,save-artifact.sh) to retrieve planning context and save resulting artifacts. These scripts are expected components of the skill's operational environment. - [PROMPT_INJECTION]: The skill ingests untrusted data from project files, git history, and previously generated artifacts to create its implementation plans, creating a surface for indirect prompt injection.
- Ingestion points: Retrieves project context and
thinkartifacts via helper scripts and shell commands inSKILL.md. - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the retrieved data.
- Capability inventory: The skill can execute shell scripts and write files, which could be misused if the planning process is subverted by malicious input.
- Sanitization: No explicit sanitization or validation of the ingested content is defined in the instructions.
Audit Metadata