skills/lidessen/moniro/validation/Gen Agent Trust Hub

validation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's architecture is centered around executing shell commands and scripts defined in the .validation.yml file. This allows the agent to run complex validation logic, which is an intended feature but grants significant control over the local environment.
  • [REMOTE_CODE_EXECUTION]: The framework supports running local scripts as validators. While no remote downloads are initiated by the skill itself, the execution path for these scripts is dynamically determined by the configuration file.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it makes execution decisions based on potentially untrusted data from the repository's configuration and history.
      • Ingestion points: Processes .validation.yml, .memory/validations/ history files, and the source code of the project being validated.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are implemented to prevent the agent from obeying instructions embedded in the configuration or data files.
      • Capability inventory: The skill possesses the capability to execute shell commands, run Python/Node.js scripts, and perform filesystem read/write operations within the project directory.
      • Sanitization: There is no evidence of sanitization or validation of the commands specified in the configuration file before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 10:54 AM