skills/elvisbrevi/yitpush/yp/Gen Agent Trust Hub

yp

Warn

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SetupCommand.cs file implements logic to modify the user's shell initialization files (such as .zshrc, .bashrc, or .profile) to add a persistent alias (alias yitpush='yp'). While the tool prompts the user for confirmation, this behavior modifies the execution environment and persists across sessions.
  • [REMOTE_CODE_EXECUTION]: The repository contains a pre-compiled binary executable at publish/YitPush. The inclusion of binary artifacts in a skill distribution is a security concern because the logic within the compiled file cannot be verified through static analysis, potentially allowing for the execution of unvetted code.
  • [EXTERNAL_DOWNLOADS]: The skill's installation and update procedures utilize dotnet tool install and npx, which fetch packages from public registries (NuGet and NPM). Additionally, the tool makes legitimate network requests to several AI provider endpoints (OpenAI, Anthropic, Google, DeepSeek, OpenRouter, and NVIDIA) and Azure DevOps REST APIs.
  • [PROMPT_INJECTION]: The tool is susceptible to indirect prompt injection. It reads data from external sources, specifically git diff outputs and Azure DevOps work item descriptions, and interpolates this untrusted content directly into LLM prompts. The logic lacks sanitization or robust boundary markers to prevent embedded instructions from overriding the agent's behavior.
  • [COMMAND_EXECUTION]: The skill extensively shells out to system tools including git and the Azure CLI (az) to perform its primary functions. While this is expected for a DevOps tool, it requires the agent to have broad command execution permissions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 13, 2026, 04:38 PM
Security Audit — agent-trust-hub — yp