Skills
skills/arinhubcom/arinhub/arinhub-verify-requirements-coverage/Gen Agent Trust Hub

arinhub-verify-requirements-coverage

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external data ingestion.
  • Ingestion points: Reads pull request bodies via gh pr view and issue descriptions via gh issue view (Steps 3, 5).
  • Boundary markers: Absent. The procedure does not define delimiters or provide instructions for the agent to ignore or isolate embedded commands found within the issue or PR text.
  • Capability inventory: The skill can execute git and gh commands, allowing it to read code, metadata, and repository state.
  • Sanitization: Absent. Data from these external sources is directly parsed for requirements (Step 6) and used to generate analysis reports.
  • [COMMAND_EXECUTION]: The skill constructs shell commands using variables derived from user input and remote metadata.
  • Variables like $PR_NUMBER, $ISSUE_NUMBER, and ${MERGE_BASE} are used in commands such as gh pr view $PR_NUMBER and git diff "${MERGE_BASE}". If the agent fails to strictly extract numeric or valid git identifiers as instructed in Step 2, this could lead to command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 05:17 PM