release-showcase-manager

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a shell script scripts/setup_workspace.sh used for initializing the environment. It performs directory creation and Git LFS configuration.
  • [COMMAND_EXECUTION]: In Phase 4 (workflows/04-capture-and-notetaking.md), the agent is instructed to generate and execute FFmpeg commands based on structured text data in sidecar labeling files (.txt). While this is functional, dynamic command generation from text files presents a minor execution risk if the source files are manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. During the discovery phase (workflows/01-discovery-and-collection.md), the agent is instructed to collect information from external sources (market data, technical whitepapers, and web search). This untrusted data is then used to influence core project outputs such as the 'Capability Atlas' and evaluation reports.
      • Ingestion points: Technical whitepapers, external model feedback, and market research stored in docs-and-ref/.
      • Boundary markers: None explicitly defined to separate untrusted external content from agent instructions.
      • Capability inventory: Subprocess execution (FFmpeg), file system writes, and Git operations.
      • Sanitization: No explicit sanitization or validation of the ingested external content is mentioned.
  • [EXTERNAL_DOWNLOADS]: The workflow involves 'Gemini Search' for autonomous research, which entails downloading and processing content from external web environments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 02:22 PM