fix-false-positive

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because it ingests and processes untrusted data from GitHub issue bodies to automate rule modifications.
  • Ingestion points: The skill fetches external content from issue bodies using the gh api tool in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to disregard instructions potentially embedded within the issue text.
  • Capability inventory: The agent has permission to use Edit, Write, and Bash (git and GitHub CLI) tools, which can be leveraged to modify the repository or create malicious PRs.
  • Sanitization: No validation or escaping is performed on the parsed issue fields before they are used to determine which rule files to edit or what comments to post.
  • [COMMAND_EXECUTION]: Employs Bash tools to execute git operations (e.g., git checkout, git push) and GitHub CLI commands (e.g., gh pr create, gh issue comment). It also uses rm -rf to clean up temporary directories in /tmp using a specific naming convention. Additionally, it uses dynamic context injection (! syntax) to collect repository metadata via git remote and pwd at skill load time.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:28 AM