worker-image-investigation
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The Python script `scripts/investigate.py` uses the `subprocess` module to execute external CLI tools, specifically the `taskcluster` and `az` (Azure) command-line interfaces.
- [REMOTE_CODE_EXECUTION]: The skill provides a wrapper for executing arbitrary PowerShell scripts on remote Azure Virtual Machines via the `az vm run-command invoke` command. This is used to gather system information such as Windows build numbers, installed hotfixes, and worker configuration data.
- [EXTERNAL_DOWNLOADS]: The documentation in `SKILL.md` describes workflows that use `curl` to fetch job data from `treeherder.mozilla.org` and recommends installing CLI prerequisites via Homebrew.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external APIs.
  - Ingestion points: `scripts/investigate.py` retrieves JSON responses from Taskcluster and Treeherder API endpoints.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates or data processing logic.
  - Capability inventory: The skill possesses the ability to execute local subprocesses and remote PowerShell commands on cloud instances.
  - Sanitization: Data is parsed using standard JSON libraries, but the content is not sanitized for potential malicious instructions before being presented to the agent context.
Audit Metadata