scope-guard
Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to build and run shell commands by interpolating user-supplied strings, such as feature names and descriptions, into templates (e.g., python3 scripts/deferred_capture.py --title "<feature name>"). This pattern is susceptible to command injection if the input contains shell metacharacters and is not properly sanitized or executed via safe APIs.
- [EXTERNAL_DOWNLOADS]: The skill's deferral process relies on a local file at scripts/deferred_capture.py. This script is not included in the provided file set, which constitutes an unverifiable dependency being executed in the environment.
- [DATA_EXFILTRATION]: The skill is designed to automatically create issues and discussions on GitHub to record deferred features. This involves transmitting local technical context, business value assessments, and feature ideas to an external service provider.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and acting upon data from the docs/backlog/queue.md file. (1) Ingestion points: docs/backlog/queue.md (2) Boundary markers: Absent (3) Capability inventory: Shell command execution (gh, python3), file modification (4) Sanitization: None described in the provided modules.
Audit Metadata