skills/howells/arc/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a shell script located at ${ARC_ROOT}/scripts/cleanup-orphaned-agents.sh to manage subagent processes. It also performs standard Git operations (git fetch, git diff, git commit) to analyze code changes and update plan documentation.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8). It ingests untrusted data from project plans, conversation history, and git diffs, interpolating this content directly into prompts for subagents (sonnet model).
      • Ingestion points: Plan files (docs/arc/plans/*.md), conversation context, and git diffs.
      • Boundary markers: None detected; external content is placed directly into subagent tasks.
      • Capability inventory: The agent can write to the filesystem, perform Git commits, and execute shell scripts.
      • Sanitization: No sanitization or escaping of the ingested plan content is described before it is passed to subagents.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 04:39 PM