deployment-record-archive
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes deployment records from external sources and appends them to a persistent JSONL archive, creating a risk of log poisoning.
  - Ingestion points: Untrusted data enters via record.json in scripts/archive_record.py.
  - Boundary markers: None present; data is directly serialized.
  - Capability inventory: File write (append) via open(sys.argv[2], 'a') in scripts/archive_record.py.
  - Sanitization: Limited to standard JSON serialization; no content-based filtering of metadata fields.
- Command Execution (LOW): The Python script accepts file paths as command-line arguments without validation. While the skill's defined command uses relative paths, a manipulated agent could potentially be coerced into reading or writing sensitive files elsewhere on the system.
Audit Metadata