slash-commands
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill provides documentation for an indirect prompt injection surface.
  1. Ingestion points: $ARGUMENTS and positional placeholders in SKILL.md.
  2. Boundary markers: Absent in provided templates; input is interpolated directly.
  3. Capability inventory: The patterns involve tools like Bash, gh (GitHub CLI), and TodoWrite.
  4. Sanitization: No guidance is provided on sanitizing or escaping external content.
- COMMAND_EXECUTION (INFO): The skill documents the '!' prefix for local bash context injection. While this is a standard feature of the target tool, it facilitates local command execution that requires careful management by the user.
Audit Metadata