create-request
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The Update Mode workflow generates and executes `Bash` commands (such as `git log` and `grep`) using variables like `<related_files>` and `<feature>`. These variables are parsed directly from the contents of markdown request documents, which can be influenced by any user able to edit files in the repository.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from the workspace to perform sensitive operations.
  - Ingestion points: Reads existing request documents from the `docs/features/{feature}/requests/` directory.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or escape instructions contained within the analyzed files.
  - Capability inventory: The skill is granted `Bash`, `Write`, `Read`, `Grep`, and `Glob` tools, providing a significant footprint for potential exploitation.
  - Sanitization: The instructions do not define any sanitization, escaping, or validation logic for the content extracted from files before it is passed to the `Bash` tool for execution.
Audit Metadata