liaison
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands via Bash to retrieve system information, including 'npm run build' for build logs, 'git status' and 'git log' for version control state, and 'find' to track recent file changes. These operations are aligned with the skill's primary purpose of status reporting.
- [EXTERNAL_DOWNLOADS]: The skill uses 'curl' to check the HTTP status of a local development server at 'http://localhost:3000/'. This is a standard check for verifying service availability in a local environment.
- [PROMPT_INJECTION]: This skill is vulnerable to indirect prompt injection because it processes untrusted data from the filesystem.
  - Ingestion points: Git commit logs, source code 'TODO' comments, and build output are read and summarized.
  - Boundary markers: No explicit boundary markers or instructions are provided to the agent to treat external data as untrusted or to ignore embedded commands.
  - Capability inventory: The agent has access to 'Bash', 'Grep', and 'Read' tools, which could be misused if malicious instructions are successfully injected via project files.
  - Sanitization: The skill does not perform any validation or sanitization of the content retrieved from logs or source code before including it in the output generation process.
Audit Metadata