breadboarding
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The
preview-markdown.shscript utilizes the GitHub API (gh api /markdown) to render documentation. GitHub is a trusted external source, and the operation is limited to markdown rendering consistent with the skill's purpose. - [COMMAND_EXECUTION] (SAFE): The script executes common command-line utilities (
gh,jq,cat,grep) to process markdown text and check for rendering errors. These commands are used as intended for local file processing and do not involve unauthorized privilege escalation or persistence. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and map external data such as workflow descriptions and code repositories.
- Ingestion points: User-provided repository paths and text descriptions (as per
SKILL.md). - Boundary markers: None explicitly present to isolate untrusted data from agent instructions.
- Capability inventory: File reading and GitHub API communication via
preview-markdown.sh. - Sanitization: No explicit sanitization or validation of the input content is performed.
- Assessment: While the skill processes untrusted data, its outputs are structured tables and Mermaid diagrams, which significantly limits the risk of an indirect injection attack influencing the agent's behavior beyond the intended mapping task.
Audit Metadata