recoup-internal-dev-ship-issue

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves reading and implementing instructions from external tracking issues and documentation pages.
  • Ingestion points: Data enters the agent's context through tracking issues (typically originating from the recoup-internal-dev-issue-tracker skill) and external API documentation pages cited within those issues.
  • Boundary markers: There are no explicit instructions to use delimiters or ignore instructions that might be embedded within the external issues or documentation.
  • Capability inventory: The skill leverages several capabilities including file system modification (editing OpenAPI/JSON files) and shell command execution (using pnpm, gh, vercel, and curl).
  • Sanitization: The instructions do not include steps to sanitize or validate the external content before the agent processes it.
  • Remediation: To mitigate this, external content should be wrapped in delimiters with an explicit 'ignore embedded instructions' warning, and human review should be required before the agent executes significant commands or commits code based on external data.
  • [COMMAND_EXECUTION]: The skill requires the agent to run multiple shell commands to manage the development lifecycle.
  • Evidence: Instructions include the use of pnpm exec vitest for testing, pnpm exec tsc and pnpm exec eslint for code quality, and gh api and vercel ls for deployment management.
  • [REMOTE_CODE_EXECUTION]: The skill employs browser automation to execute scripts on external websites for data extraction purposes.
  • Evidence: The workflow instructs the agent to use a browser MCP to navigate_page and then evaluate_script to extract rendered parameters and responses from client-side-rendered documentation sites. This involves executing dynamically generated code in a browser environment targeting external content.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to interact with development and hosting platforms.
  • Evidence: Uses curl to verify live preview deployments and gh api to check repository deployment statuses. These operations target well-known services (GitHub, Vercel) or the vendor's own organizational repositories.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 03:08 AM