skills/liangmiqwq/skills/think/Gen Agent Trust Hub

think

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to access sensitive configuration files, specifically naming ".env", to retrieve live values for planning purposes. This creates a risk of exposing secrets in the agent's output context.
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands such as "pwd" and "git rev-parse --show-toplevel" to verify the environment and project root directory before performing operations.
  • [PROMPT_INJECTION]: The skill processes external project data including ADRs, design docs, and issue threads to inform its planning. It lacks boundary markers or sanitization for this untrusted input, creating an attack surface for indirect prompt injection.
      ◦ Ingestion points: ADRs, design docs, issue threads (SKILL.md)
      ◦ Boundary markers: Absent
      ◦ Capability inventory: pwd, git, and local file reading (SKILL.md)
      ◦ Sanitization: Absent
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 10, 2026, 12:26 AM