milestone-execute

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes external content from files like SPEC.md, milestone.md, and plan.md to drive its logic.
  • Ingestion points: SPEC.md, milestone.md, plan.md, and survey.md in the project root.
  • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore embedded instructions within these data files.
  • Capability inventory: The skill executes shell commands (pnpm typecheck, pnpm run lint) and delegates code implementation to sub-agents which have file-writing capabilities.
  • Sanitization: Absent. The skill treats the content of these files as trusted structural data for generating implementation tasks.
  • [Command Execution] (MEDIUM): The skill automatically executes shell commands (pnpm) based on the outcome of the implementation phase. While these are standard development tools, an attacker-controlled package.json or milestone.md could influence the environment or lead to code execution during the verification step.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:36 PM