meeting
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it fetches and processes untrusted content from GitLab and GitHub issues, including descriptions and comments. This data is interpolated into prompts for sub-agents used in the meeting simulation.
- Ingestion points: Step 1 (Understand the Subject) fetches data from external issue trackers using CLI tools.
- Boundary markers: The prompt template in Step 3 uses a simple 'Context:' header but lacks strict delimiters or explicit instructions for the LLM to ignore embedded directives in the fetched content.
- Capability inventory: The skill can post comments to issues (
glab issue note,gh issue comment), execute Git commands (branch,commit,push), and modify local source code. - Sanitization: No sanitization or validation of the fetched issue content is performed before processing.
- [COMMAND_EXECUTION]: The skill utilizes several CLI tools including
glab,gh, andgitto interact with remote repositories and manage the local development environment. These tools are used for project collaboration and automated implementation tasks. The workflow requires explicit user confirmation in Step 5 before the agent initiates the implementation phase or posts results to external issues.
Audit Metadata