implement
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates complex workflows by executing numerous shell commands.
- Evidence: Invokes project management and orchestration tools
bdandaothroughoutSKILL.md. - Evidence: Executes standard development tools including
git,grep,jq,go,npm, andpytest. - Evidence: Performs build verification and executes project-generated binaries (e.g.,
./bin/$BINARY --help) in Step 4a ofSKILL.md. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection via issue data processing.
- Ingestion points: Processes issue IDs and full descriptions from external trackers or user input in
SKILL.md. - Boundary markers: Absent; untrusted data is directly embedded into command strings and skill arguments.
- Capability inventory: Includes the ability to write/edit files, execute arbitrary shell commands, and delegate tasks to other high-capability skills like
test,review, andrefactor. - Sanitization: No sanitization logic is present for data interpolated into commands such as
ao context assemble --task='<issue title and description>'.
Audit Metadata