validate-before-commit
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several command-line utilities including uv, mypy, pulumi, and dg (Dagster). These tools are used to perform linting, type checking, and infrastructure previews by running logic defined in the project's configuration files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the local repository through validation tools.
  - Ingestion points: Code files, configuration files, and hook definitions (e.g., .pre-commit-config.yaml) processed during the validation sequence.
  - Boundary markers: None present. The instructions do not include delimiters or warnings to ignore embedded natural language instructions within the codebase.
  - Capability inventory: The skill possesses the capability to execute shell commands (uv run, dg check) and interact with infrastructure state (pulumi preview).
  - Sanitization: No sanitization or verification of the content of the files is performed before they are passed to the validation tools.
Audit Metadata