mcore-bump-base-image

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow that relies on reading and processing external data from the repository, creating a surface for indirect prompt injection.
  • Ingestion points: Reads configuration data from docker/.ngc_version.dev, .gitlab/stages/01.build.yml, and test recipes within tests/test_utils/recipes/.
  • Boundary markers: Absent. The skill does not implement delimiters or instructions to the agent to disregard potential commands embedded in the files being read.
  • Capability inventory: The agent is empowered to execute shell commands (specifically echo for file writes and rg for search), modify local repository files, and interact with GitHub PRs via labeling and comments.
  • Sanitization: The skill lacks explicit validation or escaping of the content ingested from these files before using it to drive synchronization logic or verification steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 21, 2026, 09:30 AM
Security Audit — agent-trust-hub — mcore-bump-base-image