dark-factory

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from Jira tickets via the brianna skill and passes it to sub-agents and shell commands.
      • Ingestion points: Jira ticket fields (description, summary) fetched in SKILL.md.
      • Boundary markers: None.
      • Capability inventory: File system write, shell command execution (git, npm, gh), and sub-agent delegation.
      • Sanitization: None.
  • [COMMAND_EXECUTION]: The skill routinely executes shell commands for git operations, package management (npm), and merge request creation (gh). These powerful tools are invoked using strings that may include data from untrusted external sources.
  • [EXTERNAL_DOWNLOADS]: The skill performs external network operations and downloads through git pull, git push, and package installation commands (e.g., npm install recharts in examples). While targeting standard developer services, this involves executing code or processing data from remote sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:26 AM