Skills
skills/jonhilt/practical-engineer/spec/Gen Agent Trust Hub

spec

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted content from GitHub issues and local files.
  • Ingestion points: Content is retrieved from GitHub using gh issue view and from local files like ./theories.md or user-specified paths.
  • Boundary markers: The instructions do not define boundary markers or provide warnings to the agent to disregard instructions that may be embedded within the theory content.
  • Capability inventory: The skill performs file system writes to PROGRESS.md and the specs/ directory, and utilizes the gh CLI to modify GitHub issues via gh issue edit.
  • Sanitization: No sanitization, escaping, or validation logic is implemented for the data retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 09:19 PM