closer
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several standard shell commands including
ls,grep,mkdir,mv, andgitto perform file system operations and version control tasks. These operations are restricted to the local repository and are consistent with the skill's stated purpose of archiving feature development files. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by reading external content from the local file system.
- Ingestion points: Reads task completion status from
backlog/plans/{NNN}-{slug}/tasks.mdin Step 2. - Boundary markers: There are no explicit boundary markers or "ignore instructions" warnings specified for the content read from
tasks.md. - Capability inventory: The skill has the capability to move files (
mv), create directories (mkdir), and perform Git commits (git add,git commit). - Sanitization: The skill includes a validation step in Step 1 that requires the input identifier to match an existing folder in
backlog/plans/before proceeding, which provides a layer of protection against arbitrary path injection.
Audit Metadata