propose
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DYNAMIC_EXECUTION]: The script `manage_proposals.py` dynamically loads a module from a path computed at runtime (../../guide-planning/scripts/scope_runtime.py). While this is used for code sharing within the vendor's skills, dynamic loading from relative paths is a potential vector for executing unexpected code.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user input for summaries and review notes which are saved to Markdown and JSON files.
  - Ingestion points: `manage_proposals.py` command-line arguments.
  - Boundary markers: Absent in generated files.
  - Capability inventory: File system write access via management scripts.
  - Sanitization: Input is not filtered for prompt injection patterns, potentially affecting downstream processes that read these files.
- [COMMAND_EXECUTION]: The skill relies on the execution of local Python scripts to manage file operations and registry state. While these scripts are bundled with the skill, they provide a mechanism for the agent to modify the repository file system based on user-influenced parameters.
Audit Metadata