start-hotfix
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates the user-provided `$ARGUMENTS` directly into the shell command `git flow hotfix start $ARGUMENTS`. This creates a command injection vulnerability where a user could provide a version string containing shell metacharacters (e.g., `; rm -rf /`) to execute unauthorized commands on the host system.
- [PROMPT_INJECTION]: The user-supplied version string is interpolated into a prompt template used to initialize a new agent. This is a prompt injection surface where a malicious user could provide input designed to override the secondary agent's instructions, potentially leading to unauthorized actions or data access.
- [DATA_EXFILTRATION]: The skill automatically executes `git push -u origin hotfix/$ARGUMENTS`. While this is standard for hotfix workflows, the automation of pushing to a remote repository with a user-controlled branch name could be leveraged for data exfiltration if the user has been social-engineered into adding a malicious remote repository.
Audit Metadata