codeup
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a command-line wrapper `scripts/codeup.py` that allows an AI agent to execute complex operations on the Codeup platform, including creating, updating, and deleting files and branches.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. The agent is instructed to read and parse external content such as file contents via `get_file` and merge request comments via `list_merge_request_comments`. Maliciously crafted content in these locations could be used to override the agent's instructions.
  - Ingestion points: File contents retrieved via `get_file`, and merge request comments retrieved via `list_merge_request_comments` (documented in SKILL.md).
  - Boundary markers: Absent. The skill does not define specific delimiters or instructions to ignore embedded commands when processing retrieved data.
  - Capability inventory: The script `scripts/codeup.py` has high-privilege capabilities including file-write (`create_file`, `update_file`), branch management (`delete_branch`), and organizational data access.
  - Sanitization: None mentioned in the provided documentation for processing external string data.
Audit Metadata