Skills
skills/psquared-development/psquared-skills/price-change/Gen Agent Trust Hub

price-change

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like git add, git commit, and git push to automate the deployment of code changes to the production branch across several repositories.
  • [DATA_EXFILTRATION]: The skill reads sensitive local files including subscriptionUtils.ts, StripeService.ts, and .env.example using absolute paths, which may expose internal configuration and business logic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data. Ingestion points: Data is pulled from the Stripe API and various local source and documentation files. Boundary markers: There are no markers to isolate ingested data from agent instructions. Capability inventory: The agent has permissions to write to the file system, interact with the Stripe API, and execute shell commands. Sanitization: The skill lacks sanitization or validation of the data retrieved from external sources before processing it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 01:03 PM
Security Audit — agent-trust-hub — price-change