Gen Agent Trust Hub audit of skill skills/anentrypoint/gm-cc/gm

gm

Audit result: Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to ignore 'context limits, token budget, [and] time pressure' and to put user instructions above all other constraints or 'prior habits'. An instruction that overrides every other boundary is itself a bypass of the agent's safety and operational limits, and it leaves nothing in place to resist instructions that arrive through the content the agent processes.
  • [COMMAND_EXECUTION]: By whitelisting 'systemctl' and 'docker', the skill lets the agent start, stop and enable system services and launch containers. Both commands normally run with root or root-equivalent rights (membership in the docker group is effectively root on the host), so the agent can make persistent system changes or escalate its privileges.
  • [DATA_EXFILTRATION]: The final stage runs 'git add -A && git commit && git push' unconditionally. 'git add -A' stages every untracked file that is not ignored, so any configuration file or secret the agent discovers or generates in the working tree (for example a .env file, a private key or cloud credentials) can be committed and pushed to a remote without review, which amounts to unintended exfiltration.
  • [REMOTE_CODE_EXECUTION]: The agent's core 'EXECUTE' and 'EMIT' loops write code to the local filesystem and run it. Nothing in the skill constrains what that code does, so if the agent processes untrusted input (a file, a page, a tool result) it can be steered into writing and running a malicious payload.
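A guard for the DATA_EXFILTRATION finding above, written as an added example for this page (it is not code from the audited gm skill or from Gen Agent Trust Hub): instead of an unconditional `git add -A && git commit && git push`, the script lists what would be staged, refuses if any path or file content matches secret-like patterns, and only then stages, commits and pushes. The function names, the filename and content patterns, and the default commit message are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the audited skill. Drop-in replacement for the
# skill's unconditional `git add -A && git commit && git push`.

# Filename patterns an automated agent should never commit (assumed list;
# extend for your environment). Matched against the full path.
BLOCKED_NAME_RE='(^|/)(\.env(\..*)?|id_rsa|id_ed25519|id_ecdsa|.*\.pem|.*\.key|.*\.p12|.*\.pfx|credentials(\.json)?|\.netrc|\.npmrc|\.pypirc)$'

# Content patterns: AWS access key IDs, PEM private key headers, GitHub
# classic tokens, and generic "password/secret/token = value" assignments.
BLOCKED_CONTENT_RE="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|ghp_[A-Za-z0-9]{36}|(password|secret|token)[[:space:]]*[:=][[:space:]]*[\"']?[^\"'[:space:]]{8,}"

# check_path FILE -> 0 if safe to stage, 1 if name or content looks secret.
check_path() {
    local f="$1"
    if printf '%s\n' "$f" | grep -Eq "$BLOCKED_NAME_RE"; then
        echo "BLOCKED (name): $f" >&2
        return 1
    fi
    if [ -f "$f" ] && grep -Eq "$BLOCKED_CONTENT_RE" "$f"; then
        echo "BLOCKED (content): $f" >&2
        return 1
    fi
    return 0
}

# check_paths: reads one path per line on stdin, checks every one (does not
# stop at the first hit, so the agent log shows all offenders), exit 1 if any.
check_paths() {
    local status=0 f
    while IFS= read -r f; do
        check_path "$f" || status=1
    done
    return $status
}

# safe_commit_push MSG: vet everything `git add -A` would stage, then commit
# and push. Run from the repository root, since `git ls-files` prints paths
# relative to the current directory.
safe_commit_push() {
    local msg="$1"
    # untracked (not ignored) plus modified tracked files: the same set
    # `git add -A` would pick up
    git ls-files --others --exclude-standard --modified | check_paths || {
        echo "refusing to commit: remove, ignore or untrack the files above" >&2
        return 1
    }
    git add -A && git commit -m "$msg" && git push
}

# Usage: ./safe_push.sh --commit "agent: update generated files"
if [ "${1-}" = "--commit" ]; then
    safe_commit_push "${2:-agent: automated commit}"
fi
```

The name list is deliberately conservative (it also blocks `.env.example`, which is usually a harmless template) because a false refusal costs the agent one retry while a false acceptance pushes a credential to a remote. The content regexes catch only the most common shapes; a dedicated secret scanner in a pre-commit or pre-push hook is the production-grade version of the same check, and the hook has the advantage that the agent cannot skip it by choosing a different command.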
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 11, 2026, 05:34 AM