create-rollback-plan
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from project documentation and user-provided deployment arguments.
  - Ingestion points: Files located in .chalk/docs/engineering/ and the $ARGUMENTS variable are used to inform the plan creation.
  - Boundary markers: There are no instructions or delimiters provided to the agent to distinguish between its own system instructions and potentially malicious instructions contained within the analyzed files.
  - Capability inventory: The skill uses the Bash tool for system exploration and the Write tool to create files, providing a path for malicious instructions to influence the system state.
  - Sanitization: The skill does not implement any sanitization or validation logic for the content it reads before processing it or generating the final report.
- [DATA_EXFILTRATION]: The skill accesses sensitive engineering data which may contain infrastructure details or internal configuration.
  - Evidence: The workflow explicitly directs the agent to read CI/CD pipeline configurations and architecture topology documents in .chalk/docs/engineering/.
Audit Metadata