docs-reconcile

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, NO_CODE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The use of 'powershell -ExecutionPolicy Bypass' explicitly circumvents system security policies designed to prevent the execution of untrusted scripts.
  • [NO_CODE] (HIGH): The skill relies on 'tools/hvdc_ops.py' to perform its core reconciliation logic, but this file is not included in the provided skill package, making its behavior unverified and potentially malicious.
  • [PROMPT_INJECTION] (LOW): The skill processes data from multiple CSV files, creating a surface for indirect prompt injection if those files contain malicious instructions.
      1. Ingestion points: data/ci_fields.csv, data/pl_fields.csv, and data/bl_fields.csv.
      2. Boundary markers: None identified in the prompt instructions.
      3. Capability inventory: Execution of PowerShell and Python subprocesses.
      4. Sanitization: No evidence of input validation or escaping for the CSV content.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:42 PM