model-versioning-manager
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process model versioning data and deployment configurations, which are often provided by external or untrusted sources.
  * Ingestion points: Metadata files, model versioning requests, and deployment manifests.
  * Boundary markers: No explicit delimiters or 'ignore' instructions are defined to separate data from instructions.
  * Capability inventory: Significant execution power via Bash, Write, and Edit tools.
  * Sanitization: No validation or filtering is specified for external content before tool usage.
- [Command Execution] (MEDIUM): Requesting Bash access for 'automated assistance' allows for potential arbitrary command execution if the agent is influenced by malicious deployment patterns or instructions embedded in the data it processes.
Recommendations
- AI detected serious security threats
Audit Metadata