Skills
skills/likw99/agent-skills/dev-card/Gen Agent Trust Hub

dev-card

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/analyze.py uses the subprocess module to execute git commands such as git log, git ls-files, and git rev-parse. These operations are used to gather repository statistics and are limited to the provided directory path.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the git repository.
  • Ingestion points: scripts/analyze.py extracts commit subjects, author names, and emails using git log.
  • Boundary markers: Absent. The skill instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the git metadata.
  • Capability inventory: The agent can write markdown files to the repository root and display formatted text to the user.
  • Sanitization: Absent. The data extracted from git is passed directly into the AI's context to generate the developer card.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 06:45 AM