candango-wrap-up
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several file-system and command-line operations, including deleting temporary dashboard files such as state.json and index.html, running implementation-specific tests and validation commands, and executing git commands for staging, committing, and creating pull requests via the GitHub CLI.
- [PROMPT_INJECTION]: The skill demonstrates a vulnerability to indirect prompt injection.
  - Ingestion points: It reads content from potentially untrusted files such as plan.md, issues.md, and uat.md in SKILL.md.
  - Boundary markers: There are no instructions to the agent to treat the content of these files as data only or to ignore embedded instructions.
  - Capability inventory: The skill possesses capabilities that could be abused if an injection is successful, including arbitrary command execution for validation, file deletion, and automated git/GitHub operations as defined in SKILL.md.
  - Sanitization: The skill lacks any mechanism for sanitizing or escaping the content read from external files before it is included in the agent's processing context.
Audit Metadata