gm-complete
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides explicit instructions and examples for executing code in multiple environments (Node.js, Python, Bash, Go, Rust, Java, Deno, Cmd) using the `exec:<lang>` tool pattern. This grants the agent broad local code execution capabilities.
- [COMMAND_EXECUTION]: Included code blocks demonstrate dynamic module loading via `import()` with absolute file paths, enabling the execution of arbitrary scripts or binaries stored on the file system.
- [COMMAND_EXECUTION]: Orchestrates repository state changes and automation using `exec:bash` for git commands, including status checks, history verification, and pushing code to remote repositories.
- [PROMPT_INJECTION]: The skill's verification logic is vulnerable to indirect prompt injection as it processes external files and data that can influence agent behavior.
  - Ingestion points: Reads `.prd` requirements files and processes `realInput` data during end-to-end verification steps.
  - Boundary markers: No explicit delimiters or instructions to disregard instructions embedded within these data sources are present.
  - Capability inventory: A wide array of execution tools (Node.js, Bash, Python, etc.) are available for the agent to use while interpreting untrusted data from the file system.
  - Sanitization: There is no mention of sanitization, validation, or escaping of data ingested from the requirement files or testing inputs before they are used in execution contexts.