plot-deliver
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs repository management tasks using shell commands, including Git operations and file system modifications.
  - Evidence: Step 7 describes the delivery process using git checkout, git rm, ln -s, git add, git commit, and git push to finalize the workflow.
  - Evidence: Step 4 executes a local helper script located at ../plot/scripts/plot-impl-status.sh, which resides outside the skill's own directory.
- [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by processing untrusted content from external GitHub Pull Requests during the completeness verification phase.
  - Ingestion points: Step 5 retrieves Pull Request data, including titles, descriptions, and code diffs, via gh pr view and gh pr diff commands.
  - Boundary markers: The model guidance for subagent delegation does not specify the use of explicit delimiters or instructions to ignore potential commands embedded within the ingested PR data.
  - Capability inventory: The skill possesses capabilities to execute shell commands, modify repository files, and perform git push operations to remote repositories.
  - Sanitization: No explicit sanitization or escaping is performed on the PR content before it is analyzed by the orchestrator and subagents.