auto-trigger
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an orchestration layer where context data is passed between skills using template variables such as `{feature_name}`, `{prd_file}`, and `{pr_title}`.
  - Ingestion points: Untrusted data (e.g., PR titles or feature names generated by other processes) is interpolated into trigger contexts defined in `SKILL.md`.
  - Boundary markers: The configuration does not define explicit delimiters or instructions to the agent to treat these variables as untrusted input.
  - Capability inventory: Triggered skills identified in the documentation, such as `self-improving-agent` and `create-pr`, possess high-privilege capabilities including `Bash` execution, `Write`, and `WebSearch` tools.
  - Sanitization: No sanitization or validation mechanisms are described to ensure that data passed through these hooks does not contain malicious instructions that could influence the receiving skill's behavior.
Audit Metadata