managing-projects

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo in SKILL.md to perform system-level package installations and keyring management, which requires administrative access.
  • [COMMAND_EXECUTION]: The helper script scripts/project-helpers.sh employs the eval command within its execute_with_retry function to execute dynamically constructed shell commands, a pattern that can lead to command injection if input parameters are not strictly sanitized.
  • [REMOTE_CODE_EXECUTION]: The functions ensure_gh_cli and update_item_status in scripts/project-helpers.sh attempt to execute local shell scripts (ensure-gh-cli.sh, ensure-dependencies.sh, and graphql-queries.sh) that are not present in the skill package, preventing a full audit of the execution flow.
  • [EXTERNAL_DOWNLOADS]: The skill performs downloads from cli.github.com for tool setup; this source is recognized as a well-known technology service.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub issue and pull request titles and states in scripts/graphql-queries.sh and scripts/project-helpers.sh. There are no boundary markers or explicit sanitization steps to prevent malicious content in these fields from influencing agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 09:58 AM