Skills
skills/geekbot-com/geekbot-cli/geekbot-run/Gen Agent Trust Hub

geekbot-run

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the vendor's official CLI tool, geekbot-cli, via npm. This is a legitimate requirement for the skill's functionality and originates from the same author as the skill.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it pulls context from external sources (such as GitHub PRs, Jira tickets, and Slack messages) to help draft standup reports. This is a standard feature for this type of tool and is mitigated by strict operational instructions.\n
  • Ingestion points: Data enters the context from connected MCP servers (GitHub, GitLab, Jira, Linear, Asana, Calendar, Slack) and previous report history.\n
  • Boundary markers: The skill explicitly instructs the agent to display all pulled data to the user and requires explicit user review and approval before submitting any report.\n
  • Capability inventory: The agent can execute geekbot CLI commands for reading and writing standups, polls, and reports.\n
  • Sanitization: Mitigation relies on human-in-the-loop verification before report creation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 09:42 PM