recoup-internal-dev-ship-issue
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves reading and implementing instructions from external tracking issues and documentation pages.
- Ingestion points: Data enters the agent's context through tracking issues (typically originating from the
recoup-internal-dev-issue-trackerskill) and external API documentation pages cited within those issues. - Boundary markers: There are no explicit instructions to use delimiters or ignore instructions that might be embedded within the external issues or documentation.
- Capability inventory: The skill leverages several capabilities including file system modification (editing OpenAPI/JSON files) and shell command execution (using
pnpm,gh,vercel, andcurl). - Sanitization: The instructions do not include steps to sanitize or validate the external content before the agent processes it.
- Remediation: To mitigate this, external content should be wrapped in delimiters with an explicit 'ignore embedded instructions' warning, and human review should be required before the agent executes significant commands or commits code based on external data.
- [COMMAND_EXECUTION]: The skill requires the agent to run multiple shell commands to manage the development lifecycle.
- Evidence: Instructions include the use of
pnpm exec vitestfor testing,pnpm exec tscandpnpm exec eslintfor code quality, andgh apiandvercel lsfor deployment management. - [REMOTE_CODE_EXECUTION]: The skill employs browser automation to execute scripts on external websites for data extraction purposes.
- Evidence: The workflow instructs the agent to use a browser MCP to
navigate_pageand thenevaluate_scriptto extract rendered parameters and responses from client-side-rendered documentation sites. This involves executing dynamically generated code in a browser environment targeting external content. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to interact with development and hosting platforms.
- Evidence: Uses
curlto verify live preview deployments andgh apito check repository deployment statuses. These operations target well-known services (GitHub, Vercel) or the vendor's own organizational repositories.
Audit Metadata