execute-review

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from task descriptions (via agkan task list).
      • Ingestion points: Data enters the context from the agkan tool's task list output, specifically the task body containing the PR URL.
      • Boundary markers: Absent. There are no instructions to delimit the external data or to disregard embedded instructions within the task body.
      • Capability inventory: The agent has the capability to execute shell commands using the gh (GitHub CLI) and agkan tools.
      • Sanitization: Absent. The skill does not define validation or sanitization logic for the extracted <PR URL> or <id> before they are interpolated into shell commands.
  • [COMMAND_EXECUTION]: The workflow performs direct shell interpolation of variables (<PR URL> and <id>) retrieved from external sources into command templates like gh pr view <PR URL>. Without explicit sanitization, this pattern is vulnerable to command injection if the input data contains shell metacharacters.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:42 AM