ecosystem-managing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill specifies the use of `npm run build` and `grep_search` to verify system state and find references during the 'PURGE' protocol. While standard for developers, these involve executing shell commands that could be exploited if inputs are manipulated.
- [INDIRECT PROMPT INJECTION] (LOW): The script `version_control.py` provides a surface for indirect injection. Evidence Chain: 1. Ingestion points: the `changes_summary` parameter in `update_registry_with_changelog` (`scripts/version_control.py`). 2. Boundary markers: absent; the summary is directly appended to the file. 3. Capability inventory: file write access (`open(..., 'w')`) to project files. 4. Sanitization: absent; the input string is concatenated directly into the Markdown content.
- [PRIVILEGE ESCALATION] (SAFE): The 'PURGE' protocol describes deleting code, documents, and tests. While destructive, this capability is aligned with the skill's primary stated purpose of ecosystem management and does not involve unauthorized privilege gains such as `sudo` usage.
Audit Metadata