saga
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill programmatically identifies and executes shell commands for building, testing, and linting by parsing files within the repository, including `README.md`, `package.json`, and CI configuration files.
- [REMOTE_CODE_EXECUTION]: Leverages the `run_agents` tool to delegate tasks to subagents and explicitly supports offloading execution to remote workers for tasks requiring 'computer use' or high parallelism.
- [PROMPT_INJECTION]: Ingests untrusted data from repository documentation to define environmental capabilities and toolchains, which presents an indirect prompt injection surface.
  - Ingestion points: `SKILL.md` Phase 1, Step 2 reads `README.md`, `package.json`, and CI manifests.
  - Boundary markers: None identified in the discovery instructions.
  - Capability inventory: Shell execution, `run_agents` for subagent spawning, and git worktree management.
  - Sanitization: Not specified for the ingestion of discovered commands.
- [DATA_EXFILTRATION]: Facilitates the transfer of code and detailed task specifications to worker subagents, which may involve sending project data to remote instances when remote workers are utilized.
- [COMMAND_EXECUTION]: Instructs worker subagents to perform autonomous 'self-validation' loops that involve implementing code and executing validation tests within the local or remote filesystem.
Audit Metadata