octivi-bash-boilerplate
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute maintenance scripts and update utilities provided by the vendor.
  - Evidence: SKILL.md and workflow.md direct the agent to run `octivi-bash-boilerplate-update` to synchronize code markers and `scripts/generate-skill-templates` to maintain asset payloads.
- [REMOTE_CODE_EXECUTION]: One of the provided templates uses dynamic sourcing to load its library, which allows runtime execution of external code.
  - Evidence: The `full-obb-script-source` template resolves `obb_lib_path` via environment variables or command discovery before running `source "${obb_lib_path}"`. While this is the standard pattern for the OBB library, it evaluates a path dynamically and then executes the code found there.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it turns user-provided logic into executable scripts.
  - Ingestion points: Untrusted script intent, CLI contracts, and business logic descriptions enter the context via SKILL.md.
  - Boundary markers: The system uses `# >>> OBB:BEGIN` and `# <<< OBB:END` blocks to delimit boilerplate from user logic, though these markers are structural rather than security-enforcing.
  - Capability inventory: The agent can write files and execute the OBB update tool on the resulting scripts.
  - Sanitization: There is no explicit sanitization or validation of the user-provided logic before it is incorporated into scripts and passed to validation tools.
Audit Metadata