evidence-upload
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (
evidence-init.sh,evidence-upload.sh) and theawsCLI tool to facilitate file uploads and repository setup. These commands are integral to the skill's utility in a development workflow.- [DATA_EXFILTRATION]: Visual evidence, such as screenshots and GIFs, is uploaded to external platforms including GitHub and S3-compatible storage. These network operations are intended for the skill's primary function of evidence hosting.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes data from local results and external browser sessions without explicit sanitization or boundary markers.\n - Ingestion points: Local files
results.json,.flowchad/config.yml, and the GitHub web interface via Navvi browser automation.\n - Boundary markers: Instructions do not define specific delimiters or instructions to ignore instructions embedded within the ingested files or browser content.\n
- Capability inventory: Shell script execution, AWS CLI operations, and automated browser interactions capable of performing account-level actions.\n
- Sanitization: There is no documented validation or sanitization of file paths, repository identifiers, or content retrieved from the browser.
Audit Metadata