validation
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands provided in the .validation.yml configuration file through its 'Custom Validator' feature. As documented in reference/custom-validators.md and reference/pipelines.md, any string assigned to the command field will be executed by the agent, allowing for the execution of local binaries or scripts with the agent's permissions.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It ingests untrusted data from the local repository, including configuration files (.validation.yml), the source code being analyzed, and the standard output of executed validator scripts. This content is then interpolated into validation reports and used to influence subsequent agent actions (as described in the 'Learning Loop' in SKILL.md), without explicit boundary markers or sanitization of the external content.
- [DATA_EXPOSURE]: The skill's persistence mechanism, described in reference/persistence.md, automatically writes validation findings to the .memory/validations/ directory. If a security validator identifies sensitive information such as hardcoded secrets, these are stored in plain-text markdown files on the local filesystem.
- [DYNAMIC_EXECUTION]: The documentation in reference/custom-validators.md provides templates and encourages the creation of Node.js, Python, and Shell scripts to be executed at runtime by the agent.
Audit Metadata