Mend
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted telemetry data, such as system logs and error messages, which introduces an indirect prompt injection surface.
  - Ingestion points: Telemetry data and diagnosis handoffs are received from external agents like Triage and Beacon (documented in SKILL.md and references/verification-strategies.md).
  - Boundary markers: The skill includes explicit instructions to isolate user-generated content and sanitize free-text signals before matching against remediation patterns (documented in references/adversarial-defense.md).
  - Capability inventory: The agent can execute automated remediations including pod restarts, scaling, and configuration rollbacks (documented in SKILL.md and references/runbook-execution.md).
  - Sanitization: Implements a 3-step validation pipeline consisting of schema verification, cross-source corroboration, and isolation of user-generated strings (documented in references/adversarial-defense.md).
- [COMMAND_EXECUTION]: The agent is capable of executing state-changing operational commands on infrastructure and application components.
  - Actions: The skill performs operations such as container restarts, horizontal pod scaling, feature flag toggles, and deployment rollbacks based on detected failure patterns (documented in references/safety-model.md).
  - Guardrails: All actions are governed by a 4-tier safety model (T1-T4) that requires risk score calculations and mandatory approval gates for high-risk operations (documented in SKILL.md and references/safety-model.md).
  - Execution Protocol: Remediations are handled by a structured runbook execution engine with built-in idempotency checks, step-level verification, and automatic rollback triggers (documented in references/runbook-execution.md and references/verification-strategies.md).