finish-task
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically identifies and executes shell commands for testing, linting, and formatting by parsing local project files such as
package.json,composer.json, andMakefiles. This runtime discovery mechanism builds an execution plan based on the contents of the project's filesystem. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the project metadata and configuration files it reads to define its execution sequence.
- Ingestion points: Files including
package.json,composer.json,Makefile,justfile, and CI configuration files (.github/workflows/*,.gitlab-ci.yml) are read to define gate commands. - Boundary markers: The instructions lack specific delimiters or directives to ignore instructions or commands embedded within the discovered project configuration data.
- Capability inventory: The skill is empowered to execute shell commands, stage changes to the working tree, and perform git commits.
- Sanitization: No validation or sanitization is performed on the commands discovered in project files before they are executed in the shell environment.
Audit Metadata