agkan-review

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using data parsed directly from external task descriptions (e.g., 'gh pr view '). This creates a vulnerability where a crafted task body could execute arbitrary commands via the GitHub CLI.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the agkan task tracker to drive its logic and tool calls.
  • Ingestion points: The skill ingests data via 'agkan task list' and 'agkan task meta list' commands.
  • Boundary markers: No delimiters or markers are used to isolate the ingested task data from the command instructions.
  • Capability inventory: The environment allows execution of shell commands through the 'gh' and 'agkan' CLI tools.
  • Sanitization: No sanitization or validation of the extracted PR URL is performed before it is passed to the shell.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:44 AM