cs-issue-analyze
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script
codestable/tools/search-yaml.pyto query archived project data. This script is a project-specific utility.\n- [DATA_EXFILTRATION]: The skill provides instructions for the agent to access and read various files throughout the repository, includingARCHITECTURE.md,AGENTS.md, and source code files. This behavior is necessary and expected for the skill's primary purpose of root cause analysis.\n- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) by interpolating user-supplied input into a shell command template.\n - Ingestion points: User-provided search keywords (e.g.,
{issue 关键词}) in the search command.\n - Boundary markers: No boundary markers or escaping instructions are provided to delimit the user input within the command string.\n
- Capability inventory: The agent utilizes shell-based capabilities including Python script execution, grep, and globbing.\n
- Sanitization: There is no explicit requirement for the agent to sanitize or validate the user input before inclusion in the command, creating a potential command injection vulnerability if the input contains shell metacharacters.
Audit Metadata