playbook-executor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell commands using a 'Run tool' to execute `git add`, `git commit`, and `git push`. This is used to synchronize generated Ansible playbooks with the user's remote repository as part of the mandatory 'Git Flow' workflow.
- [REMOTE_CODE_EXECUTION]: The core functionality involves launching Ansible playbooks on remote systems via AAP job templates using the `job_templates_launch_retrieve` tool. This capability is mitigated by mandatory human-in-the-loop checkpoints before any execution begins.
- [PROMPT_INJECTION]: The skill processes untrusted data from Ansible job logs and console output (`jobs_stdout_retrieve`) during Phase 5 (Execution Report). This represents an indirect prompt injection surface as the agent parses this data for CVE validation and status reporting.
  - Ingestion points: Job stdout and host summaries are retrieved from the AAP API and processed in Phase 5 of SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified when the agent analyzes the stdout for CVE validation.
  - Capability inventory: The agent has the ability to execute shell commands (`git`) and launch additional jobs in the AAP environment.
  - Sanitization: There is no evidence of sanitization or filtering of the job logs before they are processed by the agent.
Audit Metadata