ezcater-research
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it retrieves and processes data from external systems. Ingestion points: untrusted content enters the agent context through tools such as `mcp__glean__company_search`, `atl jira issue view`, `atl confluence page view`, and `gh pr view`. Boundary markers: the instructions define no delimiters and no explicit "ignore embedded instructions" warnings for the data being processed. Capability inventory: the agent is authorized to execute commands via the `atl`, `gh`, and `git` CLIs, and has access to the local file system. Sanitization: no validation or sanitization of the retrieved content is mentioned in the research methodologies.
- [COMMAND_EXECUTION]: The skill relies on several CLI tools to perform its functions, including `atl` (for Jira/Confluence), `gh` (for GitHub), and standard `git`. It also suggests using `rails runner` and `rails console` to interact with development environments in specific troubleshooting scenarios.
- [DATA_EXFILTRATION]: The skill facilitates access to sensitive internal company information, including architectural decision records (ADRs), RFCs, and repository history. These operations are performed using legitimate tools targeting official ezCater domains.
Audit Metadata