plan-fix
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it reads and follows instructions from .ai/issue-analysis-<issue_number>.md.
  - Ingestion points: .ai/issue-analysis-<issue_number>.md (SKILL.md)
  - Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded instructions within the analysis file.
  - Capability inventory: git clone, git checkout, mvn clean install, and shell execution for server patching and testing.
  - Sanitization: Absent; no validation is performed on the contents of the analysis file before use.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, including 'mvn clean install' and long-running server start/log polling sequences.
- [REMOTE_CODE_EXECUTION]: The skill dynamically clones and builds external source code repositories identified in analysis artifacts. This process involves executing build-time logic (Maven lifecycle) on potentially untrusted third-party code.
- [EXTERNAL_DOWNLOADS]: The skill performs repository cloning from external sources identified dynamically during the execution of the skill.
Audit Metadata