self-healing-orchestrator
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation (SKILL.md) explicitly describes the capability to autonomously generate, test, and deploy temporary hotfixes. This involves dynamic code generation and execution. The implementation in
src/index.tsinvokes an imported functionautoHealTestFailurethat is not defined in the providedsrc/lib.tssource, creating an unverified and high-risk execution path for deployment operations.\n- [COMMAND_EXECUTION]: TheHEALING_RUNBOOKinsrc/lib.tsdefines actions that suggest the execution of system-level commands, such aspnpm install,npm run typecheck, andnpm run clean, triggered by specific error patterns identified in logs.\n- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing untrusted error logs to determine healing actions.\n - Ingestion points: Data is ingested from a user-provided file path via the
inputargument insrc/index.ts.\n - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the log parsing logic.\n
- Capability inventory: The skill claims the authority to restart services, scale resources, and deploy patches. It also uses
safeWriteFileto write to the file system.\n - Sanitization: Log data is matched against regular expressions and used to generate healing plans without sanitization or validation of the input content.
Audit Metadata