AGENT LAB: SKILLS

make-repo-contribution

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect injection because it explicitly instructs the agent to find and follow rules located in external, potentially untrusted repository files.
  • Ingestion points: The skill reads README.md, CONTRIBUTING.md, project documentation, and issue/PR templates from the repository (documented in SKILL.md).
  • Boundary markers: There are no instructions to treat repository-provided guidelines as untrusted or to isolate them from the agent's core system instructions.
  • Capability inventory: The skill has the authority to create branches, commit code, push changes, and create pull requests.
  • Sanitization: No sanitization or validation of the instructions found in the repository is performed before the agent acts on them.
  • Command Execution (MEDIUM): The skill directs the agent to execute shell commands based on repository requirements for building and testing.
  • Evidence: The 'Tasks' section in SKILL.md and the 'Testing' section in assets/pr-template.md prompt the agent to run linters, unit tests, and build processes.
  • Risk: An attacker could modify a repository's build or test scripts (e.g., in a package.json or Makefile) to execute malicious code when the agent attempts to satisfy contribution prerequisites.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:22 PM