gm-execute
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: The skill is comprised entirely of instructional documentation and does not include any executable scripts, binaries, or configuration files that could perform unauthorized actions.
- [PROMPT_INJECTION]: The skill describes a structural surface for indirect prompt injection by reading state from a local file ('out/.json') to determine the next skill to invoke. Ingestion points: 'out/.json' in SKILL.md. Boundary markers: Absent. Capability inventory: 'Skill' tool (invocation) and 'Write' tool. Sanitization: Absent. This is evaluated as an architectural pattern for agent orchestration rather than a malicious finding.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use browser automation tools ('exec:browser' and 'page.evaluate') for testing purposes. These are standard development workflow guidelines and do not facilitate arbitrary command injection.
Audit Metadata