Skills
skills/xalior/agent-skills/implement-with-remote-feedback/Gen Agent Trust Hub

implement-with-remote-feedback

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection through the optional plan-file argument.
  • Ingestion points: The $1 argument (plan-file) in the argument-hint and Phase 3.
  • Boundary markers: Absent. The skill summarizes and adopts tasks directly from the external file without isolation.
  • Capability inventory: Extensive git command execution (git push, git commit) and file system write operations.
  • Sanitization: Absent. There is no validation or filtering of the content within the plan file.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies heavily on executing shell-based Git commands.
  • Evidence: Phase 2 and 4 include git checkout, git push, git add, and git commit calls.
  • Risk: While the commands are structured, the lack of strict validation on branch names or plan content could lead to unintended command sequences if the agent interpolates malformed strings.
  • [DATA_EXFILTRATION] (MEDIUM): The skill enforces a strict policy of pushing data to a remote repository immediately.
  • Evidence: Phase 4, Step 4: 'Push after EVERY commit. No exceptions.'
  • Risk: This behavior creates a high-frequency channel for data exfiltration. If the agent accidentally commits sensitive local files or secrets, they are transmitted to the remote 'origin' before human intervention can occur.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:34 AM