github-project-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill exhibits a high-risk attack surface for indirect prompt injection due to the combination of untrusted data ingestion and privileged tool access.
  - Ingestion points: The skill triggers on and processes 'github project setup' data and 'enterprise workflow patterns'.
  - Boundary markers: Absent. The instruction set lacks delimiters or specific instructions to treat external data as non-executable text.
  - Capability inventory: The skill is granted access to Bash, Write, Edit, and Read tools, allowing for arbitrary system commands and file system changes.
  - Sanitization: Absent. There are no defined logic steps to validate or sanitize input from GitHub projects before it influences agent actions.
- Command Execution (HIGH): The explicit allowance of the Bash tool enables a high-severity impact if the agent is manipulated by adversarial project content into running malicious shell scripts during the 'setup' phase.
Recommendations
- AI detected serious security threats
Audit Metadata