evolution
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the agent's environment to suggest improvements.
  - Ingestion points: As documented in the Hooks Integration section of `SKILL.md`, the skill monitors `tool_result` (specifically bash output) and `context` (session history).
  - Boundary markers: There are no implementation details provided to show that the skill uses delimiters or specific instructions to prevent the agent from being influenced by instructions hidden within the monitored shell output.
  - Capability inventory: The `workhub-integration/lib.ts` script has the capability to write files to the `/tmp` directory using `writeFileSync`.
  - Sanitization: No sanitization or escaping is performed on the data collected from bash output or context before it is interpolated into templates or written to temporary files.
- [COMMAND_EXECUTION]: The skill generates shell commands that incorporate potentially untrusted input for manual execution by the user.
  - Evidence: In `workhub-integration/lib.ts`, the `createEvolutionIssue` and `createEvolutionPR` functions construct shell command strings using variables like `title` and `category`. If these variables are populated with malicious shell metacharacters from the monitored context, they could lead to command injection if the user copy-pastes and runs the suggested command without inspection.
Audit Metadata