
changelog-audit

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell operations using git (rev-parse, show, tag, worktree, switch, status, log) and nvidia-smi to manage and inspect the repository environment. It also executes repository-local build scripts like build_lib.py via uv run.
  • [REMOTE_CODE_EXECUTION]: In Phase 3a, the skill is instructed to generate standalone Python scripts in /tmp/ based on claims found in the CHANGELOG.md. These scripts are then executed using uv run. This creates a runtime code execution capability where the executed logic is derived from external text entries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      ◦ Ingestion points: Reads CHANGELOG.md bullets, VERSION.md, and warp/config.py as primary inputs (SKILL.md Phase 1, Phase 2, Phase 3).
      ◦ Boundary markers: None explicitly mentioned or implemented for isolating or delimiting changelog content during analysis.
      ◦ Capability inventory: Performs subprocess calls for git, gh, and uv run. It has file write access to CHANGELOG.md and generates temporary scripts in /tmp/ (SKILL.md Phase 3a, Phase 5, Phase 6).
      ◦ Sanitization: No specific sanitization, escaping, or validation of changelog content is described before it is used to generate verification scripts or rewritten prose.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 20, 2026, 01:50 AM
Security Audit — agent-trust-hub — changelog-audit