issue-start
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes local shell commands such as `pnpm check:all` and `pnpm typecheck`. It also utilizes `TeamCreate` and `TaskCreate` to delegate work to sub-agents. While these are intended for development, they can be leveraged to execute arbitrary code if the input issue files are compromised.
- DATA_EXFILTRATION (LOW): The skill exposes local system information by hardcoding absolute file paths (e.g., `/Users/choegihwan/Documents/Projects/...`). This reveals the host's directory structure and username to the AI model.
- PROMPT_INJECTION (LOW): The skill is highly susceptible to indirect prompt injection. It reads untrusted data from `개발 TODO.md` and associated issue `.md` files, which are then passed directly to sub-agents as part of their core instructions without sanitization or clear boundary markers.
  - Ingestion points: Reading `개발 TODO.md` and linked issue files in Steps 1 and 2.
  - Boundary markers: Absent; the issue content is passed as a "full text" instruction to the `issue-reviewer` and other sub-agents.
  - Capability inventory: The skill has the ability to write files, execute shell commands via `pnpm`, and spawn additional agents.
  - Sanitization: None; the skill explicitly states it passes the "selected issue .md 전문" (full text) to the sub-agents.
Audit Metadata