who-is-actor
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands using native utilities like `git`, `awk`, `grep`, and `sed`. It uses user-provided parameters such as `repo_path`, `authors`, and `branch` to construct these commands. This creates a surface for command injection attacks if the AI agent fails to apply the specified validation rules and regex whitelists to the user input.
- [DATA_EXFILTRATION]: The skill accesses local file systems to read Git repository history and file metadata. Although the instructions mandate that only aggregated statistics and redacted strings be sent to the AI model, any failure in the agent's redaction logic or a prompt that bypasses these filters could lead to the unauthorized exposure of sensitive code, credentials, or personal information contained within the repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the data it processes.
- Ingestion points: Data is ingested from the target Git repository's commit messages, author names, and file paths via `git log` output.
- Boundary markers: The skill specifies that only aggregated metrics should be transmitted, and raw text must be truncated and redacted if displayed.
- Capability inventory: The agent possesses the capability to execute various shell-based data processing commands.
- Sanitization: Instructions require local processing of commit messages for statistical counts and length metrics, along with regex-based redaction of secrets (API keys, tokens, etc.) before data is presented to the model.
- [NO_CODE]: This is an instruction-only skill with no included executable scripts or compiled binaries. Its security posture depends on the reliability and constraint-following behavior of the LLM interpreting the SKILL.md file.