contributor

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a wide range of system commands and developer tools, including gh, git, pytest, mypy, ruff, npm, cargo, and go. It specifically directs the agent to follow a project's "documented setup process" and run its test suites. This involves executing code from the cloned repository, which is a necessary but potentially risky operation if the repository is malicious.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion process. It reads external, untrusted content from GitHub issues and pull requests to determine its logic and fix strategy.
    • Ingestion points: Fetches data using gh issue list, gh issue view, and gh pr list, and reads local files like CONTRIBUTING.md and .github/workflows/.
    • Boundary markers: None. The instructions do not define delimiters or provide warnings to the agent to treat external text solely as data.
    • Capability inventory: The skill has significant capabilities, including file system access, network communication via the GitHub API, and arbitrary command execution for testing and building projects.
    • Sanitization: None. There is no mention of filtering or validating the content retrieved from GitHub before it is processed by the agent's logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 07:18 AM