seeding-playbooks

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of local shell execution via the bun runtime and the releases CLI. It executes commands to list organizations (admin org list), fetch source metadata, and save generated notes. These operations are core to the skill's purpose as an administrative automation tool.
  • [DATA_EXFILTRATION]: The skill accesses local organizational data, including source URLs, product slugs, and fetch logs. This data is read into the agent's context to facilitate the analysis and generation of playbook instructions. No external exfiltration to non-vendor domains was detected.
  • [PROMPT_INJECTION]: There is an attack surface for indirect prompt injection. The skill interpolates data retrieved from local commands (such as organization names, product lists, and source metadata) directly into prompts dispatched to sub-agents. While this could allow malicious data within those fields to influence agent behavior, the impact is localized to the developer's execution environment and follows the intended agentic workflow pattern.
  • Ingestion points: Data enters the context from bun src/index.ts admin org list and admin org get commands.
  • Boundary markers: Absent; interpolated data is placed directly into text sections within the prompt templates.
  • Capability inventory: Sub-agents have the capability to execute shell commands (specifically the releases CLI) as instructed by the parent agent.
  • Sanitization: No explicit sanitization or escaping of the interpolated metadata is performed before prompt construction.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:19 PM
Security Audit — agent-trust-hub — seeding-playbooks