hotfix-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Git commands (
git fetch,git checkout,git push) and build/test tools (dotnet build) as part of its core automation workflow. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests and acts upon untrusted data.
- Ingestion points: The instructions direct the agent to "Analyze the issue from the Jira ticket or user description" within the SKILL.md file.
- Boundary markers: No delimiters or safety instructions are provided to the agent to prevent it from obeying malicious instructions embedded within the Jira ticket text.
- Capability inventory: The agent possesses the capability to modify source code, execute subprocesses via
dotnet build, and perform network operations viagit pushto remote origins. - Sanitization: There is no evidence of sanitization or validation performed on the external content before it is used to influence the agent's code-writing behavior.
Audit Metadata