start-hotfix
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from local project files.
  - Ingestion points: Reads content from package.json, Cargo.toml, and VERSION files (SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore embedded instructions are provided when processing file content.
  - Capability inventory: The skill has permissions to use Bash (restricted to git), Read, and Write tools.
  - Sanitization: Content read from project files is not explicitly sanitized before use.
- [COMMAND_EXECUTION]: The skill directly interpolates user-provided arguments into shell commands, creating a potential command injection vector.
  - Evidence: The $ARGUMENTS variable is used directly in 'git flow hotfix start' and 'git push' commands (SKILL.md).