Skills
skills/mattpocock/skills/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: T h e s k i l l i s v u l n e r a b l e t o i n d i r e c t p r o m p t i n j e c t i o n b e c a u s e i t p r o c e s s e s u n t r u s t e d d a t a f r o m g i t d i f f s a n d c o m m i t m e s s a g e s .
  • I n g e s t i o n p o i n t s : G i t c o m m i t m e s s a g e s a n d f i l e d i f f s a r e r e a d a n d p a s s e d t o s u b
  • a g e n t s f o r a n a l y s i s .
  • B o u n d a r y m a r k e r s : N o d e l i m i t e r s o r s a f e t y i n s t r u c t i o n s a r e u s e d t o i s o l a t e u n t r u s t e d d a t a f r o m t h e s u b
  • a g e n t s ' p r o m p t s .
  • C a p a b i l i t y i n v e n t o r y : E x e c u t i o n o f g i t c o m m a n d s , f i l e r e a d i n g , a n d s p a w n i n g s u b
  • a g e n t s v i a t h e A g e n t t o o l .
  • S a n i t i z a t i o n : N o s a n i t i z a t i o n p r o c e s s i s m e n t i o n e d f o r t h e u n t r u s t e d i n p u t b e f o r e i t r e a c h e s t h e L L M .
  • [COMMAND_EXECUTION]: T h e s k i l l u s e s u s e r
  • s u p p l i e d i n p u t (`f i x e d
  • p o i n t) d i r e c t l y i n s h e l l c o m m a n d s s u c h a s g i t d i f fa n dg i t l o g`. I f t h e u s e r p r o v i d e s m a l i c i o u s l y c r a f t e d a r g u m e n t s , i t c o u l d l e a d t o c o m m a n d i n j e c t i o n v u l n e r a b i l i t i e s d e p e n d i n g o n t h e a g e n t ' s u n d e r l y i n g s h e l l h a n d l i n g .
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 02:03 AM