Skills
skills/open-horizon-labs/bottle/dive-prep/Gen Agent Trust Hub

dive-prep

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it is designed to ingest and process data from external and untrusted sources.
  • Ingestion points: The skill reads content from user-provided GitHub issue URLs and local project documentation files like CLAUDE.md.
  • Boundary markers: The instructions do not specify any delimiters or special handling to separate the gathered external content from the agent's core instructions.
  • Capability inventory: The agent can read local files, execute git commands, and write to the .wm/ directory.
  • Sanitization: No sanitization, validation, or filtering of the external data is described before it is integrated into the agent's context.
  • [COMMAND_EXECUTION]: The skill gathers local development context, specifically 'git state', which requires the execution of shell commands such as git status or git log by the agent or its sub-agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:57 PM
Security Audit — agent-trust-hub — dive-prep