04-audit-and-release

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the 'php antonella makeup' command to optimize the autoloader and build the application. This command runs local PHP code and potentially executes arbitrary scripts defined in the project's composer.json.
  • [EXTERNAL_DOWNLOADS]: The 'makeup' command is documented to perform 'composer install --no-dev -o', which pulls third-party packages from the public Packagist registry. These dependencies are not explicitly versioned or verified within the skill's instructions.
  • [PROMPT_INJECTION]: The skill functions as a security auditor for external plugin code. This creates an indirect prompt injection vulnerability where malicious instructions or adversarial patterns inside the audited files could manipulate the agent's behavior during the 'Auto-Fix' or 'Release' phases.
      • Ingestion points: User-provided plugin files and local standards at '../../normative/'.
      • Boundary markers: None; the agent processes the code directly as instruction data.
      • Capability inventory: Shell command execution, filesystem access (read/write/delete), and ZIP generation.
      • Sanitization: No sanitization or sandboxing of the audited content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:26 AM