commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to 'run all formatting and test commands' in Step 2. This is a high-risk operation because it executes arbitrary logic defined in the repository's configuration files (such as package.json scripts or Makefiles). If the repository content is provided by an untrusted source, this leads to immediate command execution on the user's machine.
- PROMPT_INJECTION (HIGH): This skill is vulnerable to indirect prompt injection (Category 8). Ingestion points: Git branch names (Step 8) and staged file contents (Step 3). Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands within the data it reads. Capability inventory: Subprocess execution for tests (Step 2), file writes to CHANGELOG.md (Step 4/5), and git command execution (Step 11). Sanitization: None. The agent directly processes branch names and file diffs as inputs for reasoning and writing.
- REMOTE_CODE_EXECUTION (HIGH): By directing the agent to run repository-defined test suites, the skill creates a remote code execution vector whenever the agent interacts with code from external or untrusted PRs.
Recommendations
- AI detected serious security threats
Audit Metadata