take-ownership
Fail
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses a 'Persistence Contract' and 'Stop Contract' to override standard agent behavior, forcing the agent to remain in an autonomous loop and resist user attempts to pause or review work. It defines 'Forbidden ask-shapes' to suppress clarifying questions. Furthermore, it is vulnerable to indirect prompt injection as it processes untrusted data from GitHub issues and pull requests (via
gh issue viewandgh pr diff) and interpolates this content into subagent prompts without sanitization or protective boundary markers. - [CREDENTIALS_UNSAFE]: The 'Blocker Resolution Table' and 'Available Tools' sections provide explicit strategies for the agent to harvest sensitive credentials from the host system. It instructs the agent to search for secrets in
~/.env.d/*.env,~/.ssh/,~/.aws/,~/.config/gcloud/, and~/.kube/. It also specifically directs the agent to use the Bitwarden CLI (bw) to extract passwords and API tokens. - [DATA_EXFILTRATION]: The skill creates a direct path for data exfiltration by combining access to sensitive credential files and vaults with network-capable tools such as
WebFetch,WebSearch, and theghCLI. This allows for the harvesting and potential transmission of developer secrets during automated tasks. - [COMMAND_EXECUTION]: The agent is granted extensive authority to execute shell commands via the
Bashtool, including remote server management (ssh,scp), system-level file access usingsudo, and the modification of system configurations. - [EXTERNAL_DOWNLOADS]: The skill encourages the agent to automatically resolve missing dependencies by installing software through package managers like
apt,brew,npm,pip, andcargo. This practice introduces significant supply chain risks as the agent may download and execute unverified third-party code without human oversight.
Recommendations
- AI detected serious security threats
Audit Metadata