safe-change
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `ls` to locate test files and a variable `<test-cmd>` to run test suites. These operations are localized to the project environment and are expected for a developer-oriented skill.
- [INDIRECT_PROMPT_INJECTION]: The skill features an attack surface where it reads external code files to determine modification impact and writes summary reports to a local wiki. Malicious content within the analyzed source code could theoretically influence the agent's reasoning or the content of the wiki report.
  - Ingestion points: Reads local project source files and files within the `llmwiki/` directory.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within read content are defined.
  - Capability inventory: Includes file write access to the wiki directory and shell command execution for testing purposes.
  - Sanitization: The instructions do not specify any filtering or escaping of content extracted from source files before it is processed or written to the wiki.
Audit Metadata