swain-dispatch
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an automated workflow where content from local repository files is pushed to an autonomous agent environment. This creates a surface for indirect prompt injection.
- Ingestion points: Artifact content is read from local markdown files within the
docs/directory during Step 2 of the dispatch workflow. - Boundary markers: The artifact content is placed within a Markdown section in the generated GitHub Issue body, but the prompt lacks explicit delimiters or instructions to the background agent to ignore embedded commands within the artifact.
- Capability inventory: The skill possesses the ability to create GitHub Issues (
gh issue create) and trigger repository dispatches (gh api), which directly influence the input for downstream autonomous agents. - Sanitization: No validation, escaping, or sanitization of the artifact content is performed before it is interpolated into the GitHub Issue body.
- [SAFE]: The skill references the
anthropics/claude-code-action@v1GitHub Action. As this originates from a trusted organization, it is considered a safe dependency for the intended background execution environment.
Audit Metadata