skills/continuedev/skills/all-green/Gen Agent Trust Hub

all-green

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill retrieves PR review comments and is instructed to "make the requested change" without any human oversight or sanitization.
      • Ingestion points: gh api graphql fetches reviewThreads in SKILL.md (Step 3a).
      • Boundary markers: Absent. The agent is explicitly told to "Read the comment" and "Make the requested change" (Step 3b).
      • Capability inventory: git push --force-with-lease, git rebase, and execution of local npm scripts provide high-impact repository modification permissions.
      • Sanitization: None. The agent does not verify the intent or safety of the comment instructions.
  • [Command Execution] (MEDIUM): The skill executes various local scripts and complex git commands. While these are part of its intended function, they serve as the execution vehicle for an attacker who successfully injects instructions via a PR comment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:47 PM