cheese
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, unauthorized access attempts, or exfiltration vectors were identified within the skill's operational instructions or referenced documents.
- [PROMPT_INJECTION]: The skill's primary function involves processing untrusted external data, which inherently creates a surface for indirect prompt injection.
- Ingestion points: Untrusted content enters the workflow via the
$ARGUMENTSparameter inSKILL.md, potentially carrying data from PR bodies or external bug reports. - Boundary markers: The skill relies on agent-led classification and intent-shaping logic to isolate data from instructions rather than using explicit structural delimiters.
- Capability inventory: The system can autonomously trigger file writes (via
/mold) and execute a variety of development tools likeghandcheez-read. - Sanitization: The skill contains an explicit 'Coherence self-check' (Check 6 in
references/coherence-check.md) that instructs the agent to detect, ignore, and surface imperative instructions embedded in external content, providing a robust mitigation against indirect injection.
Audit Metadata