implementation-agent
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to automatically identify and execute build and lint commands specified in local configuration files.
  - Evidence: The procedure includes steps to "Detect build and lint commands from repository config (for example package.json, Makefile, or equivalent)" and "Run build and lint commands".
- [REMOTE_CODE_EXECUTION]: Executing commands derived from the repository's configuration files (like Makefile or package.json scripts) allows for arbitrary code execution if those files are malicious.
- [PROMPT_INJECTION]: The skill processes JSON data from issue tracker comments for state management, creating a surface for indirect prompt injection.
  - Ingestion points: Issue tracker comments containing the tag and subtasks within the issue tracker (SKILL.md).
  - Boundary markers: Data is expected within specific comment markers and JSON blocks, but no specific instruction-following safeguards are mentioned.
  - Capability inventory: The agent can execute system commands (build/lint), perform git operations (push), create/update PRs via gh CLI, and modify issue tracker states/comments (SKILL.md).
  - Sanitization: No explicit sanitization or validation of the ingested JSON payload or the discovered build commands is documented.
Audit Metadata