run-maintenance
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local PowerShell script (update-changelog.ps1) using the ExecutionPolicy Bypass flag. This flag causes PowerShell to ignore established security policies regarding script execution, which is a common but notable security bypass.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading data from files like Directory.Build.props and parsing git status output without applying boundary markers or sanitization. Ingestion points: Directory.Build.props and git status. Boundary markers: None. Capability inventory: Git operations, dotnet build, and local script execution. Sanitization: None.
Audit Metadata