resolver
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool for version control operations, but its capability is strictly constrained to git status, git diff, and git add commands through the allowed-tools configuration in SKILL.md.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes content from task return files and the repository.
  - (1) Ingestion points: .claude/squad/runs/ JSON files and unmerged project files identified in SKILL.md.
  - (2) Boundary markers: No protective delimiters or instructions to ignore embedded commands are present.
  - (3) Capability inventory: File manipulation tools (Read/Write/Edit) and limited git staging operations.
  - (4) Sanitization: No explicit validation or filtering of ingested data is described.
Audit Metadata