Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Step 3 utilizes the git diff command to analyze file changes against a specific commit reference found in the plan metadata.
- [REMOTE_CODE_EXECUTION]: Step 5 ('Success Criteria Re-run') instructs the agent to parse shell commands from checkbox items in the 'Automated Verification' section of a plan file and execute them. Executing arbitrary commands derived from data files is a significant security risk, as it allows for dynamic code execution based on file content.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from plan files (which may be influenced by external inputs during the planning phase) and uses that data to perform actions like command execution. The instructions lack technical sanitization or boundary markers, relying instead on a directive to avoid 'destructive' commands, which is insufficient for preventing malicious exploitation.
Audit Metadata