finish-hotfix
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes test commands directly from local configuration files such as `package.json` or `Makefile` during the pre-finish phase.
- [PROMPT_INJECTION]: The skill processes data from the repository environment, including branch names, version arguments, and commit logs, to perform operations. This represents an indirect prompt injection surface.
- Ingestion points: Current git branch names, command arguments, project build files (`package.json`, `Makefile`), and git commit history (used for changelog generation).
- Boundary markers: No boundary markers or 'ignore' instructions are used when interpolating repository-sourced data into commands or changelog updates.
- Capability inventory: Uses `Bash(git:*)` for repository manipulation and `Write` for modifying the `CHANGELOG.md` file.
- Sanitization: No sanitization or verification of the content from git logs or configuration files is performed before processing.
Audit Metadata