Skills
skills/davepoon/buildwithclaude/ops-gtm/Gen Agent Trust Hub

ops-gtm

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from the local repository to populate prompts for research sub-agents.\n
  • Ingestion points: Reads README.md, package.json, pyproject.toml, Cargo.toml, go.mod, .planning/**/*.md, and docs/**/*.md (SKILL.md, Runtime Context step 4).\n
  • Boundary markers: Missing. Content from these files is interpolated directly into research agent prompts (e.g., for paid-research and unpaid-research) without delimiters or instructions to ignore embedded instructions.\n
  • Capability inventory: Executes shell commands via Bash, writes files to the plugin data directory, and invokes other skills using the Skill tool.\n
  • Sanitization: No evidence of content escaping, validation, or filtering of the scanned file content before prompt interpolation.\n- [COMMAND_EXECUTION]: The skill utilizes Bash to perform repository analysis (e.g., git remote -v, cat README.md) and to manage its internal preferences via jq. These operations are restricted to the current working directory and the skill's specific data directory, presenting a localized and expected capability for its stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 06:48 AM