skills/giladresisi/ai-dev-env/execute/Gen Agent Trust Hub

execute

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute arbitrary shell commands defined in an external 'plan file' for task validation. The instructions require the agent to 'Execute exactly as specified' and run 'EVERY validation command' without safety checks or command sanitization.
  • [CREDENTIALS_UNSAFE]: The agent is directed to actively scan for and interact with sensitive files such as '.env', 'credentials', and 'secrets'. While the skill suggests user involvement for runtime-critical items, the directive to identify and confirm the presence of these files exposes them to the agent's broad file system access and command execution capabilities.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because its core logic depends on following instructions from external data sources like plan files and 'acceptance_criteria.md'. Mandatory Evidence:
      1. Ingestion points: Plan files, acceptance_criteria.md, and user-supplied requests.
      2. Boundary markers: Absent; no delimiters distinguish plan-based instructions from the agent's system prompt.
      3. Capability inventory: 'bash' command execution, 'Edit' file modification, 'TeamCreate' orchestration, and 'Agent' subagent spawning.
      4. Sanitization: Absent; the skill does not validate the safety or origin of the commands in the plan file.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 11:10 AM