conductor-revert
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute shell commands (e.g., `git log`, `git revert`) using interpolated variables such as `{trackId}`, `{X.Y}`, and `{sha}`.
  - Evidence: Commands like `git log --oneline --grep="{trackId}" --grep="Task {X.Y}" --all-match` and `git revert --no-edit {sha}` are generated at runtime.
  - Risk: If the data source for these variables (like a git commit message or the `plan.md` file) contains shell metacharacters (e.g., `;`, `|`, `&`), it could lead to arbitrary command execution on the host system during the discovery or execution phases.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external sources (git history and local repository files) that can influence the agent's actions.
  - Ingestion points: `plan.md`, `metadata.json`, and git commit messages are read to determine revert targets.
  - Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the git history data.
  - Capability inventory: The skill has the capability to execute shell commands, write to the file system, and potentially delete directories (as mentioned in edge cases).
  - Sanitization: Absent; there are no instructions for the agent to sanitize or validate strings before interpolating them into shell command templates.
Audit Metadata