hackage-release
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes several local CLI tools including `cabal`, `git`, `hpack`, and `nix` to build and manage Haskell projects.
- [DATA_EXFILTRATION]: Transfers package source archives and documentation to the official Haskell package repository at `hackage.haskell.org` as part of its primary function.
- [CREDENTIALS_UNSAFE]: Interacts with the local `pass` (password store) utility to retrieve Hackage credentials, which are then passed as plaintext command-line arguments to the `cabal upload` command, which may expose them in system process listings.
- [PROMPT_INJECTION]: The skill processes untrusted local project files, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: `package.yaml`, `.cabal`, and `ChangeLog.md` files.
  - Boundary markers: None identified in the workflow instructions.
  - Capability inventory: `cabal build` (potential for arbitrary code execution via build scripts), `cabal upload` (network communication), `git push` (repository modification), and `pass show` (credential access).
  - Sanitization: No sanitization or validation of input file content is performed.
Audit Metadata