scope-guard
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from untrusted local files to perform scoring and comparison tasks.
- Ingestion points: Reads
docs/backlog/queue.mdto compare feature worthiness and prioritize tasks. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the files being processed.
- Capability inventory: Execution of shell commands for git metrics (e.g.,
git diff,git rev-list) and GitHub CLI operations (gh issue create,gh api graphql). - Sanitization: The skill provides shell templates in
modules/github-integration.mdthat use double-quote interpolation for placeholders. This provides minimal protection if the agent populates placeholders with unvetted data from the backlog file. - [COMMAND_EXECUTION]: The skill performs local shell operations to monitor branch health (lines changed, commit counts, etc.) and uses the GitHub CLI (
gh) to automate issue and discussion creation. These tools are used for their intended purpose in a developer workflow.
Audit Metadata