skills/terrylica/cc-skills/impact/Gen Agent Trust Hub

impact

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes instructions for 'Self-Evolution' and 'Post-Execution Reflection' that direct the agent to autonomously rewrite the SKILL.md file. This pattern of persistent self-modification can be exploited to alter agent behavior if the reflection process is influenced by malicious data.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external repository data without sufficient safety boundaries.
      • Ingestion points: Untrusted codebase symbols and file contents processed by the gitnexus tool in the analyze and impact steps.
      • Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within the analyzed code data.
      • Capability inventory: The agent has access to the Bash tool for command execution and instructions to modify the SKILL.md file.
      • Sanitization: Absent; there is no validation or escaping of output from the gitnexus commands before it is used to inform agent reflection and skill updates.
  • [COMMAND_EXECUTION]: The skill executes gitnexus and mise commands to perform its core functions. These commands are expected within the context of a development analysis tool provided by the vendor.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 06:16 AM