release

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating variables such as {S} and {CHANGED_FILES} that are derived from repository file names and paths. This creates a risk of argument injection if the repository contains files with shell metacharacters (e.g., semicolons, backticks) or spaces, as these variables are used directly in commands like git add {CHANGED_FILES} and bash ... {S}. Although the allowed-tools configuration provides some restriction, the interpolation pattern remains a vulnerability.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by ingesting untrusted data from the repository environment.
      • Ingestion points: Metadata fields (name, version, description) from plugin.json and file paths returned by git status or git diff.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing this data.
      • Capability inventory: The skill possesses capabilities for file modification (Edit), repository management (git commit, git push), and structural data parsing (jq).
      • Sanitization: No validation or escaping is performed on the ingested data before it is used in logical gates or command construction.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:40 AM