brand-pipeline

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including node scripts, pnpm, and npx. It specifically relies on a local CLI tool path at ~/Development/brand-kit/dist/src/cli.js which is external to the skill's own code.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected.
      • Ingestion points: Data enters the agent context via brand.yaml and existing project files.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
      • Capability inventory: The skill has the capability to execute shell commands (node, pnpm, npx).
      • Sanitization: There is no evidence of sanitization or escaping of the [Brand Name] or [Tagline] variables before they are interpolated into the shell command in Step 4, creating a potential command injection risk if the brand data is attacker-controlled.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 02:26 PM