error-recovery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): Potential for Indirect Prompt Injection. * Ingestion points: The skill ingests data from error logs, stack traces, and external service health checks via tools like Bash and Read. * Boundary markers: There are no instructions or delimiters defined to prevent the agent from interpreting instructions embedded within these external data sources. * Capability inventory: The skill uses tools with high impact (Bash, mcp__git__, mcp__github__), making the potential result of an injection significant. * Sanitization: No evidence of sanitization or validation of the error output before it is processed or used in GitHub comments.
- External Downloads (LOW): Uses pnpm install and pnpm dlx madge. While these are standard development practices, they involve downloading and executing code from the npm registry, introducing dependency on external package integrity.
- Command Execution (SAFE): Employs Git operations (reset, checkout, stash) and file system cleanup (rm -rf node_modules). These are powerful commands but are strictly scoped to the skill's primary purpose of recovery from failed states.
Audit Metadata