skills/bacoco/shipguard/sg-scout/Gen Agent Trust Hub

sg-scout

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from external GitHub repositories.
      • Ingestion points: The skill fetches README files and source code using gh api and base64 -d in Phase 2 of SKILL.md.
      • Boundary markers: Absent. The skill does not use specific delimiters or instructions to the agent to disregard embedded instructions within the fetched files.
      • Capability inventory: The agent can execute shell commands (gh, grep), write to the local file system (docs/scout-reports/), and create/comment on GitHub issues within the bacoco/ShipGuard repository.
      • Sanitization: Absent. The fetched content is passed to the LLM for scoring and proposal generation without explicit validation or escaping.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh api, gh issue) and shell utilities such as grep, base64, and head to perform its primary research tasks. While these are legitimate tools for its stated purpose, they represent the skill's ability to interact with the environment and external services.
  • [EXTERNAL_DOWNLOADS]: The skill fetches repository metadata and file content from GitHub's official API (api.github.com). As this targets a well-known service, the interaction itself is considered safe, though the data retrieved is untrusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 01:35 PM