Skills
skills/fradser/dotclaude/resolve-issues/Gen Agent Trust Hub

resolve-issues

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data from GitHub.\n
  • Ingestion points: The agent fetches issue lists and descriptions using the gh issue list command in SKILL.md, integrating this untrusted content into its decision-making context.\n
  • Boundary markers: The skill instructions do not define clear boundaries or provide safety warnings to the agent to ignore instructions embedded within the fetched issue data.\n
  • Capability inventory: The agent has access to tools including git, gh, and various build/test tools (npm, pytest) which can modify the repository and environment.\n
  • Sanitization: There is no evidence of sanitization or filtering applied to the external issue content before it is processed by the agent.\n- [COMMAND_EXECUTION]: The skill relies on the execution of multiple system commands to manage git worktrees and perform software quality checks.\n
  • Evidence: The workflow-details.md file specifies the use of commands like git worktree, npm test, and pytest, which, while standard for the task, carry inherent risks if directed by malicious input.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 02:32 AM