doc-ctr-reviewer
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly commands the AI agent to execute bash utilities such as sha256sum, sed, cut, and grep to calculate hashes for file integrity monitoring as part of Check #8.
- [PROMPT_INJECTION]: The instructions use high-priority keywords ("CRITICAL", "MANDATORY") and explicit prohibitions ("DO NOT write placeholder values") to force the agent to perform real-world shell execution, potentially bypassing default safety guardrails or simulation behaviors.
- [REMOTE_CODE_EXECUTION]: A significant attack surface exists for command injection through the Upstream Drift Detection logic. The algorithm extracts file paths and section anchors from markdown documents and interpolates them directly into shell commands. A maliciously crafted document containing shell metacharacters in a path or section name could lead to unauthorized command execution.
- [REMOTE_CODE_EXECUTION]: This skill presents an indirect injection risk due to its capability profile and data ingestion.
- Ingestion points: CTR documents in docs/08_CTR/ and referenced REQ files in docs/07_REQ/.
- Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore instructions embedded within the processed documentation files.
- Capability inventory: Bash command execution and local file system write access for cache and report files.
- Sanitization: Absent; there is no mention of validating or escaping paths or anchors extracted from documents before shell interpolation.
Audit Metadata