spike
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to view and edit project information and issues ('gh repo view', 'gh issue view', 'gh issue edit'). This is a standard operation for managing technical decisions within a Git-based workflow.
- [DYNAMIC_EXECUTION]: The agent is directed to write and run throwaway 'spike' scripts (e.g., Python or TypeScript) in a local './spikes/' directory. This involves executing dynamically generated code to validate API behavior or SDK functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from GitHub issues and local specification files to identify dependencies, creating a surface for potential injection.
  - Ingestion points: Content is read from GitHub issues via 'gh issue view' and from files within the './specs/' directory.
  - Boundary markers: Absent; there are no explicit instructions to delimit or ignore instructions found within the spec files or issue bodies.
  - Capability inventory: The agent can perform file system writes, edit GitHub issues, and execute generated code.
  - Sanitization: Absent; the instructions do not include steps to sanitize or validate external content before it is used to generate proofs or update documentation.
Audit Metadata