grace-execute
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run shell commands ('verification commands' and 'gates') that are retrieved from local project files such as docs/verification-plan.xml and docs/operational-packets.xml.
- [REMOTE_CODE_EXECUTION]: By executing commands sourced from data files, the skill creates a vector for arbitrary code execution if the configuration files are compromised or provided by an untrusted source.
- [DATA_EXFILTRATION]: The ability to execute arbitrary shell commands can be leveraged to exfiltrate sensitive information, such as environment variables, local credentials, or source code, to external servers.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and follows instructions embedded in external XML files without adequate sanitization.
- Ingestion points: docs/development-plan.xml, docs/knowledge-graph.xml, docs/verification-plan.xml, and docs/operational-packets.xml.
- Boundary markers: None present; the agent processes the XML content as authoritative instructions.
- Capability inventory: Shell command execution (via verification steps and vendor-provided CLI tools like grace), file system writes (during code generation), and git commit operations.
- Sanitization: No evidence of command validation or input sanitization before execution.
Audit Metadata