leaf-clean
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.
  - Ingestion points: The skill reads and processes user-provided LEAF documents through the `leaf review` command and direct content analysis specified in `SKILL.md`.
  - Boundary markers: Absent. The instructions do not define delimiters or provide specific warnings to the agent to ignore instructions embedded within the markdown files being cleaned.
  - Capability inventory: The agent has the authority to execute shell commands (`git` and `leaf` CLI), modify the contents of files, and perform directory manipulations such as moving and renaming folders in `SKILL.md`.
  - Sanitization: Content from external documents is not escaped, sanitized, or validated before it is processed or rewritten by the agent.
- [COMMAND_EXECUTION]: Local shell command and file system interaction.
  - Evidence: The skill executes several CLI tools including `git status`, `leaf doctor`, `leaf review`, and `leaf checkpoint` to manage the project workspace as seen in `SKILL.md`.
  - Evidence: The 'Migrate' section in `SKILL.md` includes logic for structural changes to the project directory, such as renaming `seeds` to `01-sprouts` and moving item folders one by one based on findings from the `leaf doctor` tool.
Audit Metadata