weekly-report
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands in references/execution-flow.md using the user-controllable author parameter (e.g., git log --author="用户名"). If the agent environment does not properly escape this parameter, an attacker could provide a malicious string containing shell metacharacters to execute arbitrary commands on the local system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted commit messages from the Git history.
- Ingestion points: Git commit logs are fetched and analyzed in references/execution-flow.md (Step 1).
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between legitimate data and potential instructions embedded within commit messages.
- Capability inventory: The skill is capable of executing shell commands (git) and reading git configuration (name and email).
- Sanitization: The instructions do not specify any sanitization, filtering, or validation of the commit data before it is analyzed to generate the report.
Audit Metadata