config-sync
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting content from configuration files within the repositories. \n- Ingestion points: Reads files such as .github/workflows/*.yml, Dockerfile, and justfile across the workspace using fd, Grep, and Read. \n- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded instructions within the files it processes. \n- Capability inventory: The agent can execute Bash commands, modify files, and interact with GitHub via gh to create pull requests and commit code. \n- Sanitization: No content validation or sanitization is performed on the ingested data before it is used in logic or pull request bodies. \n- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands including git, gh, fd, rg, diff, sha256sum, and shasum. These commands are used to identify differences and automate configuration updates across the local and remote repositories.
Audit Metadata