age
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local command-line tools including `git`, `gh`, `delta`, and `mergiraf` for repository interaction and diff inspection. It also executes a local Python script (`shared/scripts/severity.py`) to compute finding severities based on parameters determined by the agent's analysis.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from the codebase and PR metadata.
  - Ingestion points: Untrusted data enters the context through `git diff` outputs, GitHub PR descriptions, and file content reads.
  - Boundary markers: The instructions do not define explicit delimiters or instructions to ignore potential commands embedded in the analyzed code.
  - Capability inventory: The skill has the ability to write files to the `.cheese/age/` directory and can trigger the `/cure` skill to apply automated fixes.
  - Sanitization: No sanitization of the input code or PR data is mentioned.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were observed. All network-related tool usage (via `gh` and `git`) is directed at legitimate repository management tasks.
- [SAFE]: No hardcoded credentials, malicious persistence mechanisms, or multi-layer obfuscation were detected. The skill maintains a human-in-the-loop selection gate for fix application outside of autonomous mode and follows structured reporting best practices.
Audit Metadata