solo-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute launcher scripts including
solo-research.shandsolo-dev.sh. It also provides instructions for monitoring via shell commands liketail -f,cat, andwatch -n2 -c solo-pipeline-status.sh. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection or command injection because user-provided input from
$ARGUMENTSis parsed and passed directly into shell execution contexts for the research and dev pipelines. - Ingestion points: User-supplied input via
$ARGUMENTSinSKILL.md. - Boundary markers: None identified; input is passed directly to script arguments.
- Capability inventory: The skill has access to
Bash(command execution) andWrite(filesystem modification). - Sanitization: No evidence of input validation, escaping, or sanitization before passing strings to the shell launcher scripts.
- [DATA_EXFILTRATION]: The skill reads from and writes to state files located at
.solo/pipelines/solo-pipeline-{project}.local.mdand the global fallback~/.solo/pipelines/solo-pipeline-{project}.local.md. While used for tracking pipeline progress, this grants the agent access to manage configuration data in the user's home directory.
Audit Metadata