cs-issue-fix
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (codestable/tools/search-yaml.py) and standard version control commands (git status, git commit). These operations are used to search project documentation and manage the submission of code fixes.
- [PROMPT_INJECTION]: The skill processes potentially untrusted content from documentation files ({slug}-report.md, {slug}-analysis.md) which creates a vulnerability to indirect prompt injection. Mitigation is achieved through multiple manual verification checkpoints where the AI must wait for user confirmation before proceeding.
  1. Ingestion points: Reads local markdown files including {slug}-report.md, {slug}-analysis.md, and files in the codestable/compound/ directory.
  2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the processing logic.
  3. Capability inventory: The agent has the ability to modify project source code, execute local Python tools, and perform Git operations.
  4. Sanitization: No content validation, sanitization, or safety filtering is performed on the markdown files before they are processed by the agent.
Audit Metadata