executor

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses PowerShell commands to interact with the file system and Git, including Get-Content for state management and git add, git commit, and git log for version control.
  • [INDIRECT_PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because its core function is to read and execute instructions from untrusted external files (PLAN.md and referenced context files). These files could contain malicious instructions designed to override agent behavior, bypass the deviation rules, or exfiltrate sensitive project information.
  • [DYNAMIC_EXECUTION]: Rules 1, 2, and 3 grant the agent broad autonomy to modify source code, fix logic bugs, and implement missing features (such as authentication or CSRF protection) without user verification. This autonomous code generation and modification poses a risk of incorrect implementations or the intentional introduction of vulnerabilities if the agent is influenced by a malicious plan.
  • [CREDENTIALS_UNSAFE]: While the skill does not contain hardcoded credentials, it provides a protocol for handling authentication gates by instructing the agent to stop and prompt the user for manual login (e.g., vercel login), which is a secure method for handling identity requirements.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 06:37 AM