discover-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using variables like $PROJECT_NUMBER, $OWNER, and $TASK_ID. While these variables are wrapped in double quotes in the provided scripts, they represent a potential injection vector if the values are sourced from untrusted user input or malicious repository metadata without strict validation.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes external data from GitHub and GitLab issues and pull requests.
  - Ingestion points: Reads external data via gh and glab CLI tools, storing them in temporary JSON files (e.g., /tmp/gh-issues.json) before parsing.
  - Boundary markers: No boundary markers or 'ignore' instructions are used when presenting issue titles or bodies to the user or when saving them to the workflow state.
  - Capability inventory: The skill has the ability to execute shell commands (gh, glab, bash, grep), modify local workflow state files, and interact with the user through AskUserQuestion.
  - Sanitization: The skill does not perform sanitization or escaping on the ingested issue content (titles, bodies, or labels) before interpolation into its logic or UI components.
- [EXTERNAL_DOWNLOADS]: The skill fetches task and project information from well-known services, specifically GitHub and GitLab. These operations are essential for the skill's stated purpose and target trusted platforms.
Audit Metadata