workflow-ship-faster
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection (Category 8) because it ingests data from untrusted repositories and has high-privilege capabilities.
  - Ingestion points: Project configuration files (package.json), documentation (README.md), and checklists (tasks.md) within the repo_root provided by the user.
  - Boundary markers: The skill relies on natural language instructions and markdown headers. While 'Approval' steps are requested, there are no robust delimiters to separate untrusted data from system instructions.
  - Capability inventory: The agent is instructed to perform file system operations (moving directories via auto_archive.py), modify project code, and execute external CLI tools for version control (gh), deployment (vercel), and billing (stripe).
  - Sanitization: No explicit sanitization or filtering of external content is performed before the agent interprets it to create plans or checklist items.
- [COMMAND_EXECUTION] (HIGH): The skill directs the agent to execute powerful CLI tools. While standard for development, their execution is triggered and parameterized by the analysis of potentially malicious project files.
Recommendations
- AI detected serious security threats
Audit Metadata