repoprompt
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on the Bash tool to execute commands through 'rp-cli' and 'uv run'. It specifically includes functionality to execute external '.rp' script files from the local filesystem (e.g., 'rp-cli --exec-file ~/scripts/daily-export.rp'), which represents a dynamic execution risk as these scripts are not provided or verified within the skill source.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) when reading data from a codebase. Evidence Chain:
  1. Ingestion points: Untrusted data from a codebase is ingested into the agent's context through 'read', 'search', 'tree', and 'context' commands.
  2. Boundary markers: Absent; the skill does not use delimiters or instructions to ignore potential commands embedded in the code files.
  3. Capability inventory: The agent has the ability to execute shell commands, write to files, and interact with external AI chat models.
  4. Sanitization: Absent; codebase content is passed directly to the model without filtering or escaping.