finops-compare
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The execution command defined in
SKILL.mduses an unquoted variable:bash "${SKILL_DIR}/scripts/compare-repos.sh" $ARGS. This pattern allows for shell command injection if the input arguments contain shell metacharacters such as semicolons, pipes, or ampersands. These would be interpreted by the host shell prior to the script's execution. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through the processing of untrusted external data.
- Ingestion points: Data is ingested from the GitHub API (repository names and workflow run conclusions) within
scripts/compare-repos.shvia theghCLI. - Boundary markers: The skill's output does not utilize delimiters or specific "ignore instructions" warnings to separate external data from its own reporting structure.
- Capability inventory: The skill is authorized to use
Bash(includingghandbashcommands) andTodoWritetools. - Sanitization: There is no evidence of sanitization or validation of the strings retrieved from the API before they are printed in the comparison report. An attacker with the ability to name repositories or workflows could embed malicious instructions that may influence the agent's subsequent actions.
Audit Metadata