skills/kirkchen/beat/archive/Gen Agent Trust Hub

archive

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to create directories and move files as part of its core archiving logic.
    • Evidence: Use of mkdir -p beat/changes/archive and mv beat/changes/<name> beat/changes/archive/YYYY-MM-DD-<name> in Step 5.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it reads and processes data from external project files that may be user-controlled or attacker-controlled in a shared environment.
    • Ingestion points: Reads proposal.md, design.md, and Gherkin .feature files from the change directory (SKILL.md).
    • Boundary markers: No delimiters or instructions to ignore embedded commands are specified when reading or syncing these files.
    • Capability inventory: The skill can create directories, move files, delete .feature.orig backups, and invoke external tools like superpowers:finishing-a-development-branch (SKILL.md).
    • Sanitization: No sanitization or validation of the content within the project files is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:21 AM