retroactive-uifork

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing the uifork npm package and the sambernhardt/uifork agent skill. Both resources are authored by the skill owner.
  • [COMMAND_EXECUTION]: The skill performs various shell operations using git and pnpm. There is a potential risk of command injection if the agent processes maliciously crafted branch names or file paths without validation.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Git commit messages to generate labels and documentation, posing a risk of indirect prompt injection.
      • Ingestion points: Git log and show commands (Phase 1, 3, 4 in SKILL.md).
      • Boundary markers: No delimiters or warnings are used for commit history data.
      • Capability inventory: Subprocess execution (git, pnpm), file writing (SKILL.md).
      • Sanitization: No sanitization or validation of commit messages or subjects.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 07:38 PM