capture-progress
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local verification tools such as
lat checkand existing project tests after modifying files to ensure documentation changes do not break system configurations. - [COMMAND_EXECUTION]: The capture workflow requires the agent to commit changes to git when tracked files are modified, ensuring that information captured from discussions is preserved in the repository history.
- [PROMPT_INJECTION]: This skill processes untrusted user conversation data to update persistent documentation, creating an indirect prompt injection surface. The instructions mitigate this by directing the agent to extract the underlying 'signal', rewrite the content for clarity, and remove conversational filler rather than performing raw data transcription.
Audit Metadata