archive-milestone

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from repository files to drive automated modifications, creating a surface for indirect prompt injection.
      • Ingestion points: The skill reads milestones/{slug}/tasks.md and roadmap.md to extract completion dates, task statuses, and deliverables (documented in SKILL.md Phase 1 & 2).
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the processed files are specified.
      • Capability inventory: The skill performs file creation (_archive/{slug}-summary.md), file modification (roadmap.md), directory deletion (milestones/{slug}/), and repository-wide search-and-replace (documented in SKILL.md Core Objectives).
      • Sanitization: There is no evidence of sanitization or validation for the strings extracted from tasks.md before they are interpolated into the generated summary or roadmap.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform significant file system operations, including directory removal and repository-wide string replacement.
      • Evidence: The skill requires the removal of the milestones/{slug}/ directory and a global 'grep' and update of all references to the old task paths across the entire repository (SKILL.md Core Objective 4 & 5).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 12:02 PM