stashing
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple internal shell scripts located in
${CLAUDE_PLUGIN_ROOT}/scripts/to manage file stashing, state checking, and project resets. - [COMMAND_EXECUTION]: Uses
git diff --statto identify changes in the repository when resuming from a stash. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting the contents of
snapshot.mdand legacy markdown files during the resume protocol. Ingestion points: SKILL.md (reads local stash files). Boundary markers: None identified. Capability inventory: Includes shell script execution and file system operations defined in SKILL.md. Sanitization: None implemented.
Audit Metadata