public-relations-manager
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to monitor and respond to untrusted content from GitHub issues and comments.
- Ingestion points: GitHub repository issues and comments as described in references/README.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the persona configuration.
- Capability inventory: The agent can execute local CLI commands via the bd tool, write to public GitHub repositories via API, and read project source code.
- Sanitization: No sanitization or validation of the external content is mentioned before it is processed by the model or used in commands.
- [COMMAND_EXECUTION]: The agent uses a local command-line tool (bd) to manage project tasks. Documentation in references/README.md shows the agent interpolating untrusted GitHub issue titles directly into command strings (e.g., bd create "Bug: [Issue title]"), which presents a risk of command injection if the input is not properly escaped.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to interact with GitHub's API. These interactions target a well-known service for the skill's primary purpose and do not involve sensitive data exfiltration.
Audit Metadata