try-fix
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to ingest and execute a user-provided `test_command` using PowerShell, which creates a potential surface for indirect prompt injection.
  - Ingestion points: The `test_command` input parameter defined in `SKILL.md`.
  - Boundary markers: No explicit delimiters or boundary markers are defined to isolate the test command from other instructions.
  - Capability inventory: The skill utilizes `pwsh` (PowerShell) to execute scripts, performs file system writes via `Set-Content`, and uses `git` for repository state management.
  - Sanitization: No sanitization or validation of the test command input is performed prior to execution.
- Dynamic File Modification: The agent is instructed to programmatically modify source code files (e.g., `.cs` files) to implement fix attempts. While this is the core purpose of the skill, it requires that the agent operates within a restricted environment to ensure changes remain within the intended project scope.
- Dependency on Repository-Local Scripts: The skill's operational flow relies on the execution of specific scripts located in the repository's `.github/scripts/` directory, such as `BuildAndRunHostApp.ps1`. The security of these operations is dependent on the integrity of the scripts provided within the repository environment.
Audit Metadata