orient
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to collect context:
  - `gh issue view` is used to retrieve structured data about a specific GitHub issue.
  - `ls ai-workspace/decisions/*.md` and `tail -20 ai-workspace/MEMORY.md` are used to read local project configuration and history files.
- [EXTERNAL_DOWNLOADS]: The skill fetches issue data (title, body, labels) from GitHub. This communication is performed via the official GitHub CLI (`gh`) targeting a well-known service for the intended purpose of task management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, untrusted content from GitHub issues without explicit sanitization or boundary markers.
  - Ingestion points: Data is ingested from the output of `gh issue view` (external issue title and body) and local workspace files like `.branch-context.md` and `MEMORY.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when the agent processes the fetched issue context.
  - Capability inventory: The skill has the capability to execute shell commands (`gh`, `ls`, `tail`, `head`).
  - Sanitization: There is no evidence of sanitization, filtering, or validation performed on the issue content before it is used to determine task types or branch names.
Audit Metadata