pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages pipeline lifecycle events by executing local shell scripts (./scripts/pipeline/update-pipeline.sh) and invokes an external execution tool (codex exec --full-auto) for autonomous phases.
- [PROMPT_INJECTION]: The orchestrator is vulnerable to indirect prompt injection due to its reliance on processing mission and prompt files to determine actions.
  - Ingestion points: Mission documents (e.g., .pipeline/mission/mission-v001.md) and phase-specific prompt files (e.g., .pipeline/phases/.../runtime/relay/prompt.md).
  - Boundary markers: Absent; there are no instructions or delimiters provided to separate orchestrator logic from untrusted content in ingested files.
  - Capability inventory: Includes local script execution and autonomous tool execution with full-auto capabilities.
  - Sanitization: Absent; the skill does not describe any validation or escaping of file content before it is processed or passed to execution tools.
Audit Metadata