project-archive-done

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions suggest using GIT_SSL_NO_VERIFY=1 in sandbox environments. This environment variable disables SSL/TLS certificate verification for both Git and the GitHub CLI (gh). Disabling this fundamental security layer makes all network traffic to and from GitHub vulnerable to Man-In-The-Middle (MITM) attacks, where an attacker could intercept or modify the data being sent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external source (GitHub Projects).
      • Ingestion points: The agent retrieves item titles and metadata using gh project item-list in Step 2 of the flow.
      • Boundary markers: The skill lacks any boundary markers or instructions telling the agent to treat the retrieved content as untrusted data or to ignore any commands found within it.
      • Capability inventory: Across the scripts, the agent has the capability to archive items (gh project item-archive), list metadata (gh project field-list), and communicate with the user.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the fetched project data before it is presented to the user or used to drive subsequent agent actions.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 16, 2026, 09:50 PM