go
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
ls,head, andgit(log and branch) to analyze project structure, recent activity, and repository staleness. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and summarizing content from the codebase and external tools.
- Ingestion points: Project file content (
docs/arc/progress.md), git commit history, and issue data retrieved via Linear MCP tools. - Boundary markers: No explicit delimiters or instructions are used to isolate untrusted content from the system instructions.
- Capability inventory: File system inspection (
ls,head), git operations, and the ability to route to and invoke other internal skills (e.g.,/arc:ideate,/arc:build). - Sanitization: No sanitization or escaping of external strings was identified before the data is processed or passed to downstream skills.
Audit Metadata