user-story-implementer

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted external data.
      • Ingestion points: The skill fetches data from external sources using gh issue view, gh issue list, and gh pr view --comments (found in SKILL.md).
      • Boundary markers: The instructions lack explicit boundary markers or delimiters to separate agent instructions from the untrusted content found in issue bodies or comments.
      • Capability inventory: The agent has the capability to execute shell commands (git, gh), perform file system writes (implementing code), and commit/push changes to a repository (found in SKILL.md and scripts/create_pr.sh).
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from GitHub before it is used to influence the agent's actions.
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution to manage the development lifecycle.
      • It executes git for branching and commits and the gh CLI for managing issues and pull requests.
      • It executes a bundled shell script scripts/create_pr.sh to automate PR creation. While the script uses proper quoting for variables and mktemp for body content, it ultimately executes actions based on inputs derived from the untrusted GitHub issue data.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 27, 2026, 11:38 AM