god-intervention
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill grants the agent the ability to terminate arbitrary system processes by PID (
./scripts/god/powers.sh terminate pid:12345). This can be used to disable security tools or disrupt critical system services. - [COMMAND_EXECUTION] (HIGH): The skill provides a
modifycommand that allows the agent to append, prepend, or replace the contents of any file (./scripts/god/powers.sh modify "path/to/file" replace "new content"). This capability allows an agent to inject malicious code into existing scripts, configuration files, or shell profiles (e.g.,.bashrc), leading to persistent system compromise. - [COMMAND_EXECUTION] (HIGH): Provides capabilities for repository-wide destructive actions, including hard git resets (
./scripts/god/powers.sh rollback HEAD~3 hard) and system-wide shutdowns (./scripts/god/powers.sh terminate all). - [PROMPT_INJECTION] (MEDIUM): The 'God Committee' and 'God Intervention' framing acts as a high-privilege role-play scenario. This may lead the agent to believe it has 'overriding' authority, potentially bypassing safety guardrails when processing user requests that use the intervention triggers.
- [DATA_EXFILTRATION] (MEDIUM): The skill enables the agent to read and modify sensitive project configurations (e.g.,
.god/config.json). While no direct external network calls are listed, the unrestricted file system access provided by the repair and modification tools allows for sensitive data discovery.
Recommendations
- AI detected serious security threats
Audit Metadata