unified-sovereign-operations
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- Privilege Escalation (HIGH): The templates/github-actions-workflow.yml.template file includes commands using sudo apt-get install -y shellcheck. While standard in CI/CD environments for tool setup, the use of sudo is a high-severity pattern in security audits.
- Data Exposure & Exfiltration (MEDIUM): The skill is designed to ingest sensitive data from Gmail, WhatsApp, and external websites (SKILL.md). It also includes automation in scripts/git_push.sh to push local repository content to GitHub. If an attacker can influence the files being committed or the repository name through indirect injection, this facilitates data exfiltration.
- Indirect Prompt Injection (LOW): The skill has an extensive attack surface for indirect injection by design.
  - Ingestion points: SKILL.md (Source Ingestion) and references/extraction-checklist.md (Website and Media extraction).
  - Boundary markers: None identified in the provided templates to isolate external content from instructions.
  - Capability inventory: scripts/git_push.sh (Network/Git), templates/master_deploy.sh.template (File Write/Git), and scripts/generate_valuation_charts.py (Subprocess/File Write).
  - Sanitization: Only basic filename regex sanitization is present in references/evidence-schema.md.
- Command Execution (MEDIUM): The skill contains several shell script templates (scripts/git_push.sh, templates/master_deploy.sh.template) that perform repository initialization, configuration writing, and network-based pushes using the GitHub CLI (gh).
Audit Metadata