automate-repair

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill identifies and executes test commands from project-specific configuration files found in the target repository.
  • Ingestion points: Reads CLAUDE.md and .ai-cortex/config.yaml from the repository being processed.
  • Boundary markers: The instructions lack explicit delimiters or warnings to ignore malicious instructions embedded within these configuration files.
  • Capability inventory: The agent can execute arbitrary shell commands and write to the file system to apply code fixes.
  • Sanitization: The skill does not describe a process for validating or sanitizing commands parsed from external configuration files before they are executed in the shell.
  • [COMMAND_EXECUTION]: Automated Command Execution. The skill's primary function involves running shell commands for testing and applying code changes. It explicitly implements safeguards by requiring user confirmation for high-risk operations like network access, Docker usage, or package installation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 05:42 AM