Skills
skills/gabeosx/agent-skills/github-scrum-flow/Gen Agent Trust Hub

github-scrum-flow

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands to manage the software development lifecycle.
  • Evidence: Uses git for branch management and commits, gh CLI for interacting with GitHub issues and pull requests, and pnpm for project linting and type-checking.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of reading external data.
  • Ingestion points: Reads external data from GitHub issues via gh issue view and gh issue list (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested issue content are defined.
  • Capability inventory: The agent has the capability to execute shell commands (git, gh, pnpm), write to the filesystem, and push code to remote repositories.
  • Sanitization: There is no evidence of sanitization or validation of the text retrieved from GitHub issues before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:15 PM