research-codebase
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when fetching GitHub issue data.
  - Ingestion points: The skill uses 'gh issue view $ARG --comments' in 'SKILL.md' to retrieve external data from GitHub.
  - Boundary markers: There are no explicit delimiters used to separate the external data from the agent's instructions, increasing the risk that the LLM might follow instructions embedded within the issue.
  - Capability inventory: The agent has the ability to search the codebase using 'Grep' and 'Glob' and read file contents.
  - Sanitization: The skill does not perform any sanitization or validation of the fetched data to prevent instruction injection.
- [COMMAND_EXECUTION]: The skill executes external commands to fulfill its purpose. It uses the 'gh' tool to fetch remote data and standard utilities like 'Grep' and 'Glob' for local filesystem analysis.