Skills
skills/lu1sdv/skillsmd/cook/Gen Agent Trust Hub

cook

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core orchestration logic.
  • Ingestion points: It processes user-provided strings and external files like PLAN.md (documented in SKILL.md) to define agent tasks.
  • Boundary markers: There are no instructions or templates in the skill to use delimiters or protective guardrails when interpolating external content into prompts for sub-agents.
  • Capability inventory: The orchestrator can execute git commands and trigger recursive agent actions across multiple code branches.
  • Sanitization: No sanitization or escaping of interpolated content (such as ${lastMessage} in references/spec.md) is performed before task delegation.
  • [COMMAND_EXECUTION]: The skill utilizes local shell commands for its primary orchestration logic.
  • Evidence: Instructions in SKILL.md and references/spec.md detail the use of git diff for automated reviews and git worktree for managing parallel execution flows for the 'race' or 'vs' operators.
  • [EXTERNAL_DOWNLOADS]: The documentation references an external command-line interface for extended functionality.
  • Evidence: The README.md and SKILL.md suggest the optional installation of the @let-it-cook/cli package via NPM for standalone terminal or CI usage.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 01:47 PM