leaf-idea
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands including `git status`, `find`, and a custom CLI tool (`leaf init`, `leaf new`) to manage internal state within the `.leaf/` directory. These operations are restricted to project maintenance and state inspection.
- [SAFE]: The skill processes user-originated 'idea' text, which creates a potential surface for indirect prompt injection. However, the instructions mitigate this risk by requiring the agent to isolate raw user wording from the core analytical fields such as 'Why' and 'Locked intent' in the document structure.
- [SAFE]: No evidence of data exfiltration, credential harvesting, remote code execution, or obfuscation was found. The workflow references local documentation and performs standard domain research via web search capabilities without sensitive data exposure.
Audit Metadata