execute
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the agent with access to the Bash tool for executing shell commands, which is used for build, test, and repository operations (git/gh CLI). This allows for arbitrary command execution on the host environment.
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebSearch and WebFetch tools to retrieve content from the internet during its analysis and execution phases.
- [DATA_EXFILTRATION]: By combining file-reading capabilities (Read, Grep, Glob) with network access (WebFetch, Bash), the skill creates a potential pathway for exfiltrating sensitive local data to external endpoints.
- [PROMPT_INJECTION]: The skill's architecture is vulnerable to indirect prompt injection because it processes untrusted data alongside high-privilege tools.
  - Ingestion points: Processes data from web pages (WebFetch), local files, and GitHub repositories (issues/PRs).
  - Boundary markers: The protocol does not specify the use of delimiters or instructions to ignore embedded commands when processing ingested content.
  - Capability inventory: Includes arbitrary Bash execution, file modification (Write/Edit), and browser automation (Playwright).
  - Sanitization: No explicit sanitization or validation of external content is defined before it influences the agent's task decomposition or execution steps.
Audit Metadata