update
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform JSON updates via jq and to manage temporary files. It explicitly instructs the agent to sanitize input by stripping shell metacharacters (backticks and angle brackets) and truncating arguments to 200 characters, which reduces the surface area for command injection attacks.
- [PROMPT_INJECTION]: To prevent indirect or direct prompt injection when communicating with sub-agents, the skill mandates the use of XML-style boundary markers (<user_input>) to encapsulate user-provided data. This helps ensure the receiving orchestrator agent treats the content as data rather than instructions.
- [DATA_EXFILTRATION]: The skill interacts with local project files such as state.json and sigint.config.json to maintain session persistence. Analysis found no patterns indicating the exfiltration of sensitive data, access to system credentials, or unauthorized network operations.
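The two controls described above, as an added illustration that is not the audited skill's own code: a sanitizer that strips backticks and angle brackets and truncates to 200 characters, the XML-style `<user_input>` boundary for data handed to a sub-agent, and a jq update that binds the value with `--arg` so it is never spliced into the jq program text. The function names, the state-file layout and the keys are assumptions chosen for the example; the contrasting interpolated form is shown only to make clear what such a sanitizer guards against, not as a claim about how the skill builds its jq command.

```shell
#!/bin/sh
# Added example, not the audited skill's code. Function names, keys and the
# state file layout are assumptions for illustration.

# Strip backticks and angle brackets, keep at most 200 characters.
sanitize_arg() {
  printf '%s\n' "$1" | tr -d '`<>' | cut -c 1-200
}

# Wrap sanitized text in boundary markers. Because sanitize_arg removes '<'
# and '>', the payload cannot carry a closing </user_input> of its own, so the
# receiving agent sees exactly one data region.
wrap_user_input() {
  printf '<user_input>%s</user_input>' "$(sanitize_arg "$1")"
}

# Pattern a sanitizer of this kind guards against (contrast only): the value is
# spliced into the jq program, so a double quote in $2 changes the program.
update_json_interpolated() {
  jq ".$1 = \"$2\"" "$3"
}

# Robust form: --arg binds the value as a jq string variable, so nothing in it
# is parsed as shell or as jq code; sanitizing becomes defense in depth.
update_json_arg() {
  key=$1 val=$2 file=$3
  tmp=$(mktemp) || return 1
  jq --arg k "$key" --arg v "$(sanitize_arg "$val")" '.[$k] = $v' "$file" > "$tmp" \
    && mv "$tmp" "$file"
}

# Read a key back as a raw string, used to check the result.
read_json_key() {
  jq -r --arg k "$1" '.[$k]' "$2"
}

# Demo on a constructed state file (skipped when jq is not installed).
if command -v jq >/dev/null 2>&1; then
  state=$(mktemp)
  printf '{"session":"abc"}\n' > "$state"
  update_json_arg note 'hello"; echo pwned; #' "$state"
  read_json_key note "$state"   # the literal string is stored, nothing executes
  rm -f "$state"
fi
```

Stripping backticks and angle brackets does not neutralize `$(...)`, `;` or `|`, which is why the value should reach jq through `--arg` rather than through string interpolation; the 200-character cap and the angle-bracket removal still earn their keep, since the latter is what keeps a crafted `</user_input>` from closing the boundary early.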
Audit Metadata