been-there-done-that
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing system commands such as git, awk, sed, basename, and head. These are used to analyze git history and file content. The use of user-provided paths in these commands presents a surface for command injection if the agent does not properly sanitize the input before execution.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by ingesting untrusted data from multiple sources.
  - Ingestion points: Reads the global log file (been-there-done-that.md), repository README.md files, and git commit messages.
  - Boundary markers: The instructions do not define boundary markers or directives to ignore instructions when processing these inputs.
  - Capability inventory: The skill has the ability to execute git commands and write to the local file system.
  - Sanitization: There is no mention of sanitizing or escaping the content read from git or the log file before it is used in the drafting and analysis phases.