auto-dev
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Git commands (e.g., `git rev-parse`, `git diff`, `git status`) to validate the repository state and ensure it is operating within the correct branch and worktree.
- [COMMAND_EXECUTION]: It utilizes the GitHub CLI (`gh`) to perform authentication checks and trigger GitHub Actions workflows for the current branch.
- [COMMAND_EXECUTION]: The `auto-dev-deploy-dev.sh` script executes a local 'inference script' (typically `.skills-hub/auto-dev/infer-targets.sh`) to dynamically calculate deployment parameters based on modified files. This is an intended extension mechanism for project-specific logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository (file diffs, commit messages) and external sources (web browsing via Playwright/Chrome MCP).
  - Ingestion points: Git diff outputs, project-specific inference script outputs, and external web content from browser MCP tools.
  - Boundary markers: No explicit delimiters or 'ignore instructions' markers are implemented for the processed data.
  - Capability inventory: The skill possesses significant capabilities including shell command execution (`bash`), GitHub Actions management (`gh`), and cloud resource inspection (GCP/Firestore).
  - Sanitization: The deployment script performs basic parsing of the inference script's output, looking for specific `workflow=` and `input:` prefixes.
Audit Metadata