remote-work
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the SlashCommand tool to execute the /amplihack:remote command and various git operations (git fetch, git merge) to manage remote work outputs.
- [REMOTE_CODE_EXECUTION]: The core functionality of the skill is the remote execution of tasks on Azure infrastructure, which is the intended primary purpose of the tool.
- [EXTERNAL_DOWNLOADS]: The skill references the azlin tool hosted at github.com/rysweet/azlin, which is an official repository of the skill's author used for resource management.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by interpolating user-provided task descriptions into the remote execution command.
- Ingestion points: User requests extracted by the agent as described in SKILL.md.
- Boundary markers: Task descriptions are enclosed in double quotes within the command template.
- Capability inventory: The skill can invoke SlashCommand, access local logs, and perform git operations.
- Sanitization: No explicit sanitization or validation of the task description input is documented.
Audit Metadata