team-memory
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (find, git, gh) to discover configuration files, read commit history, and commit the final summary. These tools are used legitimately to achieve the skill's primary function of project consolidation.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core function of processing untrusted data from commit logs and pull requests.
  - Ingestion points: Git logs, PR bodies via 'gh' CLI, and external tracker data (Linear/Jira) are read into the agent context from the local environment.
  - Boundary markers: The instructions do not specify explicit delimiters or 'ignore embedded instructions' warnings when the agent reads external log or PR data.
  - Capability inventory: The agent has the ability to run shell commands and write to files within the repository.
  - Sanitization: The skill includes a mandatory PII filter step (Step 0) to ensure personal identifiers, confidential financial data, and personal chat content are removed before being consolidated into the team memory file.