Gitee Workflow Automation
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify using a tool named `RunCommand` to perform Git operations, such as pushing code to a new branch, which involves executing shell commands in the execution environment.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: Untrusted data enters the agent context through issue descriptions, pull request summaries, file contents, and search results retrieved via Gitee MCP tools (`SKILL.md`).
  - Boundary markers: The instructions lack explicit boundary markers or delimiters to isolate ingested external content from system instructions.
  - Capability inventory: The skill possesses capabilities to create and update Gitee issues/PRs, merge pull requests, and execute system commands (`SKILL.md`).
  - Sanitization: There is no evidence of sanitization, validation, or instructions to ignore embedded commands within the external data before it influences the agent's logic.
Audit Metadata