run-tests
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from repository files (JSON, SKILL.md) via a subagent. Evidence chain:
  1. Ingestion points: .claude-plugin/marketplace.json, plugins//.claude-plugin/plugin.json, skills//SKILL.md, plugins//agents/.md
  2. Boundary markers: absent
  3. Capability inventory: Bash (git diff, jq, ls, readlink, test), Read, Glob, Agent
  4. Sanitization: absent
  The lack of delimiters or instruction-ignore warnings around this content creates a surface for indirect prompt injection, although the subagent's task is limited to structural validation.
- [COMMAND_EXECUTION]: The skill incorporates user-provided $ARGUMENTS into a git diff command. While the allowed-tools configuration restricts execution to specific binaries, unvalidated arguments could be used to pass unintended command flags.
- [SAFE]: The skill implements a restricted execution environment by explicitly defining allowed-tools, limiting shell access to a minimal set of necessary commands.
Audit Metadata