apex-status

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from local sources (git logs and project documentation) to generate summaries. This creates a standard surface for indirect prompt injection where malicious instructions could be embedded in commit messages or project files.
      • Ingestion points: Processes output from git log, git status, and various project files (README, CHANGELOG, TODO, etc.) as seen in the execution steps in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are used to separate untrusted content from the system instructions.
      • Capability inventory: The skill is configured with access to Bash, Write, Edit, WebFetch, and WebSearch tools in the SKILL.md frontmatter.
      • Sanitization: The instructions do not specify any validation or sanitization for the data read from the codebase before synthesis.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 01:39 PM