os-eval-backport
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and act upon data (logs and retrospectives) from a 'lab repo' that may have been generated by other agents or processes. This external data is considered untrusted.
- Ingestion points: The skill reads files from `<lab-repo>/temp/logs/` and `<lab-repo>/temp/retrospectives/` to assess changes.
- Boundary markers: There are no explicit markers or instruction-ignoring delimiters used when the agent reads this untrusted content.
- Capability inventory: The skill possesses 'Bash' and 'Write' capabilities, allowing it to modify code and commit changes to a 'master' repository based on the ingested data.
- Sanitization: No sanitization of the log content is performed.
- Mitigation: The risk is significantly reduced by a mandatory human-in-the-loop (HITL) review phase (Phase 3), where the user must explicitly approve changes in a structured table before they are applied.
- [COMMAND_EXECUTION]: Shell Command Usage. The skill utilizes the 'Bash' tool to perform repository management tasks including directory listing (`ls`), log inspection (`git log`), and source code management (`git diff`, `git status`, `git commit`). These commands are standard for the skill's stated purpose of backporting code changes.
Audit Metadata