my-milvus-integration
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell commands including
uv sync,pytest,ruff, andmypywithin the context of the analyzed repository. This creates a mechanism for arbitrary code execution if the target repository contains malicious build scripts, configurations, or test suites. - [EXTERNAL_DOWNLOADS]: Employs
uv syncto synchronize and install project dependencies. While these are typically sourced from standard package registries, this process involves the download and execution of external code. - [PROMPT_INJECTION]: The skill contains explicit instructions for the agent to deceive maintainers by concealing its AI nature in PR titles, bodies, and commit messages (e.g., "Do not mention AI, Claude, LLMs, or automatic generation").
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its broad data ingestion surface.
- Ingestion points: Reads local repository documentation (
README.md,AGENTS.md, etc.) and fetches external data from GitHub viagh pr listandgh issue list. - Boundary markers: Absent; no delimiters or instructions to disregard embedded commands are used when processing external content.
- Capability inventory: Can execute shell commands, perform file system operations, and interact with the network through CLI tools.
- Sanitization: No validation or filtering of ingested text is performed before processing.
- [COMMAND_EXECUTION]: Note: The skill includes a positive security instruction to build Milvus filter expressions safely by validating field names and escaping values to prevent injection vulnerabilities in the resulting integration.
Audit Metadata