workflow-reconciliation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The
assets/reconciliation-rules.jsonfile definescommit_templatestrings that interpolate the{name}variable into shell commands for Git operations. This pattern is vulnerable to command injection if plugin names or descriptions are maliciously crafted.\n- Indirect Prompt Injection (LOW): The skill processes untrusted data from.continue-here.mdfiles to determine and execute automated remediation steps.\n - Ingestion points:
plugins/{PluginName}/.continue-here.md\n - Boundary markers: Absent.\n
- Capability inventory: Git staging, Git committing, and file modification.\n
- Sanitization: Absent.
Audit Metadata