system-design
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs automated Git repository synchronization tasks to ensure a clean working tree and remote alignment. Evidence: uses
git fetch,git pull --rebase, andgit pushinSKILL.mdto manage branch states during the workflow. - [COMMAND_EXECUTION]: The skill optionally executes a localized Python script for project maintenance. Evidence:
Phase 6inSKILL.mdattempts to runpython3 scripts/update_readme_ideas_index.pyif the script exists in the local project directory. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user-provided Markdown content to drive core logic. Evidence:
- Ingestion points: Reads
prd.md,idea.md, andvalidate.md(viaprd-reader.md). - Boundary markers: Absent; extracted requirements are interpolated directly into research prompts.
- Capability inventory: Includes repository write access, Git push capability, and local script execution.
- Sanitization: None; input from documents is used to define architecture decisions and technical choices.
Audit Metadata