Skills
skills/holon-run/holon/project-pulse/Gen Agent Trust Hub

project-pulse

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from GitHub issues and pull requests, including user-controlled fields like titles and labels. This data is used by the agent to make planning and execution decisions, creating a surface for indirect prompt injection.
  • Ingestion points: Data is ingested in scripts/pulse.sh via the gh CLI and stored in issues-index.json, prs-index.json, and report.json.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to disregard instructions found within the fetched GitHub content.
  • Capability inventory: The script uses gh and jq for data retrieval and processing. The SKILL.md suggests the agent may trigger further automated actions (e.g., github-issue-solve) based on the report generated by this skill.
  • Sanitization: No sanitization or filtering is performed on the text content (titles, labels) retrieved from the remote repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 11:49 AM