finish-hotfix
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands for git operations and tests. While the allowed-tools configuration attempts to restrict Bash to git commands, the instructions specifically mandate running external test suites (e.g., via npm or make) identified from project files.
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface in Phase 2 where untrusted repository data is used to derive commands for execution.
  - Ingestion points: Identification of test commands from package.json and Makefile (Phase 2, Action 1).
  - Boundary markers: Absent; there are no delimiters or instructions to ignore malicious commands embedded in the project files.
  - Capability inventory: The skill utilizes Bash(git:*), Read, and Write capabilities.
  - Sanitization: Absent; the skill does not validate or sanitize the commands found in project manifests before attempting execution.