plot-idea
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via `git` and the GitHub CLI (`gh`) to automate repository management tasks including branch creation, commits, and pull request generation. These operations are core to the stated purpose of the Plot workflow.
- [PROMPT_INJECTION]: The skill processes user input from `$ARGUMENTS` into shell commands, which presents an indirect prompt injection surface. The author mitigates this risk by requiring strict regex validation for the `slug` parameter.
  - Ingestion points: User-provided `$ARGUMENTS` in `SKILL.md` (Step 1).
  - Boundary markers: Explicit instructions require that the `slug` must match the regex `[a-z0-9-]+`.
  - Capability inventory: File system operations (`mkdir`, `ln`, writing markdown files) and subprocess execution (`git`, `gh`) are present in `SKILL.md` (Steps 3-7).
  - Sanitization: Validation is enforced for the `slug` parameter to prevent path traversal or shell injection in filenames and branches; however, the `title` is interpolated into `git commit` and `gh pr create` commands without additional specific sanitization instructions.
Audit Metadata