ship
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on extensive local command execution through the Bash tool to perform Git operations and to interact with the GitHub CLI (gh) and the Azure DevOps CLI (az). These commands manage branches, commit changes, and control PR states.
- [PROMPT_INJECTION]: Stage 4 of the workflow exhibits a potential surface for indirect prompt injection. The agent retrieves external CI logs to automatically diagnose and fix failures, which could allow malicious instructions embedded in log output to influence the agent's code generation or command execution.
- Ingestion points: Pulls CI/pipeline failure logs using `gh run view --log-failed` and Azure DevOps timeline records (found in references/stage-prompts.md).
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are present in the subagent prompt when interpolating log data.
- Capability inventory: The subagent has capabilities to read source files, modify code, and execute Git commit/push commands.
- Sanitization: The skill uses Bash heredocs (EOF) for multi-line string encapsulation in commit messages and PR descriptions, which helps mitigate basic shell metacharacter injection.