mcore-bump-base-image
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that relies on reading and processing external data from the repository, creating a surface for indirect prompt injection.
- Ingestion points: Reads configuration data from docker/.ngc_version.dev, .gitlab/stages/01.build.yml, and test recipes within tests/test_utils/recipes/.
- Boundary markers: Absent. The skill does not implement delimiters or instructions to the agent to disregard potential commands embedded in the files being read.
- Capability inventory: The agent is empowered to execute shell commands (specifically echo for file writes and rg for search), modify local repository files, and interact with GitHub PRs via labeling and comments.
- Sanitization: The skill lacks explicit validation or escaping of the content ingested from these files before using it to drive synchronization logic or verification steps.
Audit Metadata