skills/mattbaconz/signal/signal-push/Gen Agent Trust Hub

signal-push

Fail

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the PowerShell -ExecutionPolicy Bypass flag in both its provided scripts and the invocation examples in SKILL.md. This bypasses system-level security policies designed to prevent the execution of unsigned or potentially harmful scripts.
  • [PROMPT_INJECTION]: The instructions within SKILL.md explicitly command the agent to bypass standard user confirmation loops. By directing the agent to "not ask for confirmation" and "Immediately run" sensitive operations like git push, the skill removes the human-in-the-loop safety barrier.
  • [PROMPT_INJECTION]: The skill presents an attack surface for Indirect Prompt Injection by processing untrusted data (git diffs) through an LLM to generate commit messages followed by autonomous execution.
      • Ingestion points: Project file diffs and contents processed during the commit message generation stage.
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the diff data.
      • Capability inventory: Shell command execution (git push, git commit) and local script execution.
      • Sanitization: No sanitization or validation of the diff content is performed before it is analyzed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 5, 2026, 11:45 PM