endor-fix
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill can execute package manager commands on the host system to apply remediation fixes as requested by the user.
- [EXTERNAL_DOWNLOADS]: Executing package manager install commands involves downloading software packages from external registries.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from finding descriptions or ticket text that could contain instructions designed to influence the agent's remediation steps.
- Ingestion points:
SKILL.md(Processes finding text, package names, and CVE IDs provided by the user or external systems). - Boundary markers: None identified in the skill instructions to distinguish between data and instructions.
- Capability inventory:
SKILL.md(Ability to update manifest files and execute system-level installation commands). - Sanitization: No explicit sanitization or validation of the ingested finding descriptions is specified.
Audit Metadata