deep-resolve
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates defensive instructions to maintain its analytical framework, requiring the agent to treat user-provided root causes as hypotheses and to refuse requests for implementation or code generation.
- [COMMAND_EXECUTION]: The framework utilizes standard command-line utilities such as git and gh to investigate project history and search repositories for industry practices. These are used for information gathering and analysis within the agent's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ingestion of untrusted external content. (1) Ingestion points: The agent reads data from user problem descriptions, web search results, and repository code via GitHub CLI. (2) Boundary markers: No explicit delimiters or instructions to disregard embedded commands are provided for these data sources. (3) Capability inventory: The skill has access to file-reading tools (Read, Grep, Glob, LSP), shell execution (git, gh), and web search. (4) Sanitization: The skill does not implement validation or escaping of the content retrieved from external sources before it is analyzed by the agent.
Audit Metadata