execute
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to parse an external 'plan file' and execute commands found within it. Evidence includes instructions to 'Execute EVERY validation command listed in the plan' and to 'Run the command - Execute exactly as specified in plan'. This behavior allows for the execution of arbitrary system commands defined in the input plan file.
- [REMOTE_CODE_EXECUTION]: The skill utilizes the `Agent` tool to spawn multiple autonomous subagents (e.g., `execution-report`, `code-review`) and 'teammates' in parallel execution mode. These agents are provided with context derived from the plan file, allowing for dynamic task execution across multiple agent instances.
- [DATA_EXFILTRATION]: The skill explicitly instructs the agent to scan the project environment for sensitive files and prerequisites, including `.env` files, credentials, and configuration directories like `.aws`. While intended for configuration validation, this provides a mechanism for identifying and accessing sensitive credential locations.
- [PROMPT_INJECTION]: The skill uses 'blocking' and 'mandatory' language to override default agent behavior and enforce a strict execution flow (e.g., '⚠️ CRITICAL: Mandatory Validation Requirements', 'STOP. Do NOT proceed'). This is a defensive injection technique used to prevent the agent from bypassing mandatory validation gates.
- [COMMAND_EXECUTION]: The skill uses shell tools like `grep` to search for and remove debug traces (`console.log`, `print`) across the codebase. This involves executing shell patterns on files within the user's workspace.
Audit Metadata