temp
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's description and mode instructions explicitly direct the agent to "bypass a guard" or "comment out a guard" when triggered by specific user keywords. Although these instructions are intended for local testing and debugging, the terminology mirrors patterns used to circumvent security or logic controls.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands to manage its state. It utilizes `grep` to locate temporary markers and employs `git checkout` or `git restore` to revert file changes on the local system.
- [INDIRECT_PROMPT_INJECTION]: The skill processes content from the local codebase which serves as an untrusted input source, creating a surface for indirect prompt injection.
  - Ingestion points: Local project files are searched and read during the "Make a temporary change" and "Undo" modes (SKILL.md).
  - Boundary markers: No delimiters or instructions are provided to the agent to distinguish between code logic and potentially malicious instructions embedded in comments or strings within the codebase.
  - Capability inventory: The agent can read files, write to the filesystem, and execute `git` commands via subprocesses.
  - Sanitization: The skill lacks mechanisms to sanitize or validate the content of files before the agent acts upon them to make modifications.
Audit Metadata