self-test
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script (tests/run-all.sh) and the gh-manager binary to perform automated testing. This functionality is essential for the skill's stated purpose of self-test and validation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from GitHub, such as issue descriptions and pull request comments, which could contain adversarial instructions.
  - Ingestion points: Data is retrieved from GitHub via API calls initiated by the gh-manager tool.
  - Boundary markers: The skill does not provide instructions for the agent to use delimiters or boundary markers to distinguish between data and instructions when processing fetched content.
  - Capability inventory: The agent has permissions to execute shell commands, perform network operations via a GitHub token, and modify local source files.
  - Sanitization: There is no evidence of data sanitization or validation specified in the skill instructions to prevent the execution of instructions found in external GitHub content.
Audit Metadata