Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git diff and git log commands to retrieve repository state and change history.
- [COMMAND_EXECUTION]: Includes an instruction to run a setup command, /setup-matt-pocock-skills, for configuring issue tracker integration.
- [PROMPT_INJECTION]: The skill processes data from external specification sources (issues, PRDs) and code diffs, creating a surface for indirect prompt injection where instructions embedded in those files could influence agent behavior.
- Ingestion points: Git diff output, commit messages, and content retrieved from external issue trackers or local specification files (docs/, specs/, etc.).
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when passing the ingested content to the sub-agents.
- Capability inventory: Execution of shell commands (git), reading local file system content, and spawning parallel sub-agents.
- Sanitization: The skill does not perform validation or escaping of the ingested text before interpolation into the sub-agent prompts.