release-coordinator

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: CRITICAL (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is instructed to ingest data from 'steering/product.md' to understand business context. This resource was flagged as malicious by automated scanners, posing a risk of indirect prompt injection.
    • Ingestion points: The agent is directed to read from several steering files, including 'steering/product.md', 'steering/tech.md', and 'steering/structure.md'.
    • Boundary markers: The skill does not provide delimiters or clear instructions to the agent to ignore any embedded commands within these external files.
    • Capability inventory: The skill is granted access to the 'Bash' and 'Write' tools, which provides high-impact capabilities if the agent is influenced by adversarial instructions in the steering files.
    • Sanitization: No validation or sanitization is performed on the content of the steering files before ingestion.
  • [COMMAND_EXECUTION]: The skill is granted access to the 'Bash' tool. While used for legitimate release management tasks like git operations and changelog generation, the availability of a shell tool increases the attack surface in the event of a compromise.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 25, 2026, 09:52 PM