skill-deep-dive
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and process untrusted data from external GitHub repositories.
- Ingestion points: The skill instructions in `SKILL.md` guide the agent to use the GitHub CLI (gh) to retrieve code search results, issue descriptions, and pull request data, and to perform local file reads on the target repository's contents.
- Boundary markers: The skill does not provide instructions for the agent to use delimiters or specific safety instructions (e.g., "ignore embedded instructions") when processing the fetched data.
- Capability inventory: The skill has the capability to write files (the synthesized HTML reports) to the user's local filesystem.
- Sanitization: There are no instructions to sanitize or escape the content retrieved from the repository before it is inserted into the `template.html` file, which could result in the execution of malicious scripts if the generated HTML document is opened in a web browser.
Audit Metadata