managing-relationships

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess.run method to execute the GitHub CLI tool (gh) for repository metadata retrieval and GraphQL API mutations. This is used safely by passing commands as lists and strictly validating issue numbers as integers to prevent shell injection.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from GitHub issue titles and descriptions.
      1. Ingestion points: The scripts/manage-relationships.py script fetches issue titles and statuses from external repositories via the run_graphql function.
      2. Boundary markers: The output does not use delimiters or instructions to help the agent distinguish retrieved data from instructions.
      3. Capability inventory: The skill can modify issue relationships and the agent is granted access to the Bash tool.
      4. Sanitization: While issue numbers are validated as integers, issue titles and metadata are rendered in the output without escaping or sanitization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 09:58 AM