finishing-branch

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git status and git diff to inspect the local repository state and analyze code changes prior to finalizing work.
  • [COMMAND_EXECUTION]: The instructions prompt the agent to run arbitrary verification commands (e.g., test suites or build scripts) relevant to the changed code to ensure implementation quality.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted data from git output and verification results without explicit boundary markers or sanitization. While instructions in the repository could theoretically attempt to influence the agent, the skill mandates human confirmation for critical actions.
      • Ingestion points: Git command output and verification tool output processed in SKILL.md.
      • Boundary markers: None defined.
      • Capability inventory: Execution of git commands and arbitrary verification scripts.
      • Sanitization: None specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 12:19 AM