panther-strike
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a legitimate development workflow for issue resolution within the 'AutumnsGrove/Lattice' repository.
- [EXTERNAL_DOWNLOADS]: The skill executes `pnpm install` to synchronize dependencies from the official NPM registry, which is a well-known and trusted service.
- [PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection as it processes external data from GitHub issues.
  - Ingestion points: Issue content fetched via `gh issue view` (SKILL.md).
  - Boundary markers: Not explicitly defined to isolate issue text from instructions.
  - Capability inventory: File modification (Edit tool), local shell execution (gw, gf, pnpm), and git commit/push capabilities.
  - Sanitization: No explicit sanitization of issue body content is performed before processing.