openai-yeet
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Unsanitized input interpolation in shell commands. The skill interpolates the `{description}` variable directly into commands such as `git commit -m "{description}"`. If this variable contains shell metacharacters (e.g., backticks, semicolons, or command substitutions), it could result in arbitrary code execution via the Bash tool.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Unverifiable dependency installation. The workflow instructions allow the agent to 'install dependencies' if checks fail. This grants the agent broad authority to execute installation commands (e.g., npm install, pip install) for packages not explicitly defined in the skill, which could lead to the execution of malicious remote code.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface.
  1. Ingestion point: Untrusted data enters via the `{description}` parameter used for commits and PRs.
  2. Boundary markers: No delimiters or 'ignore' instructions are used to wrap the input.
  3. Capability inventory: The skill utilizes the Bash tool for command execution and Write for file creation.
  4. Sanitization: There is no evidence of input validation or escaping before interpolation into shell scripts.
Audit Metadata