ci-setup
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to extract build, test, and linting commands from project configuration files (e.g., package.json, pyproject.toml) and execute them. This presents an indirect prompt injection surface where a malicious project could define harmful commands in its manifest files that the agent would then execute during the verification step.
- Ingestion points: package.json, tsconfig.json, pyproject.toml, go.mod, Cargo.toml, pom.xml.
- Boundary markers: None. The instructions do not provide delimiters or specific warnings to ignore instructions embedded within the data files.
- Capability inventory: Execution of shell commands via the local environment (bash/npm/pip/etc.).
- Sanitization: No sanitization or validation logic is specified for the commands extracted from external files before they are passed to the shell.
- [COMMAND_EXECUTION]: 'Step 5: Verify Locally' explicitly directs the agent to run the detected CI commands on the host machine. While necessary for verifying the pipeline, this action directly executes logic determined by the content of the project repository, which could be malicious if the repository is untrusted.
Audit Metadata