debrief

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs legitimate operations such as reading git logs and GitHub PR information to generate documentation. These activities are consistent with its primary purpose as an incident review tool.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the ingestion of untrusted incident descriptions and logs.
      • Ingestion points: Data enters the agent context through the $ARGUMENTS variable in SKILL.md.
      • Boundary markers: Input data is encapsulated within <incident_context> tags.
      • Capability inventory: The skill has the ability to execute git and GitHub CLI commands and write files to the local directory.
      • Sanitization: The skill does not explicitly sanitize or validate the content of the incident description before using it to guide analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 04:46 PM