
but-for-real

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE (flags: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill provides a framework for the agent to review and execute its own code changes. This creates an indirect prompt injection vulnerability where malicious instructions embedded in the code being reviewed could be triggered during the instructed build or test execution.
  • Ingestion points: Analysis of code changes via git diff.
  • Capability inventory: Instructions to execute code, run tests, and build projects on the local system.
  • Boundary markers: Absence of explicit delimiters to separate the skill's instructions from the code being reviewed.
  • Sanitization: No validation or sanitization of the code is performed before the agent is told to run it.
  • [COMMAND_EXECUTION]: The skill commands the agent to "Run it", "Run the tests", and "Build the project". These involve local system command execution that, while consistent with the skill's developer-focused purpose, provides a mechanism for potentially malicious code in the workspace to be executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 06:48 PM