Skills
skills/bonkey/skills/done/Gen Agent Trust Hub

done

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using git, gh (GitHub CLI), and wt (Worktrunk) to perform repository operations, including branch querying, committing, pushing, and merging.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in its "pre-flight" step (Step 0), which instructs the agent to read and follow instructions from various repository files such as AGENTS.md, .clinerules, and .cursor/rules/*. A malicious repository could use these files to provide instructions that override the agent's behavior.
  • Ingestion points: The agent reads AGENTS.md, CLAUDE.md, CONTRIBUTING.md, .cursor/rules/*, .github/copilot-instructions.md, and .clinerules in SKILL.md.
  • Boundary markers: Absent. The skill directs the agent to "follow any @-includes" and verify the branch satisfies the rules without specific isolation or sanitization.
  • Capability inventory: The skill has capabilities to modify the local and remote repository state, including performing merges and pushing to the main branch remote.
  • Sanitization: Absent. Content from the rule files is treated as authoritative for the repository workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 10:23 AM