overvy
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple command-line utilities to perform its primary tasks. It uses `curl` to interact with the Overvy API (app.overvy.com), `git` for repository management (checkout, push), and the `gh` (GitHub CLI) for issue and pull request operations.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources that are then processed by the agent.
  - Ingestion points: The skill retrieves external data using `gh issue view <externalNumber> --repo <projectRef>` within the 'Research the issue' step of the workflow.
  - Boundary markers: There are no delimiters or instructions provided to the agent to ignore or isolate potentially malicious instructions embedded within the GitHub issue body or comments.
  - Capability inventory: The skill possesses significant capabilities including network operations via `curl`, file system/repository modifications via `git`, and GitHub metadata management via `gh`.
  - Sanitization: There is no evidence of sanitization, escaping, or validation performed on the retrieved issue content before it is presented to the agent for context.
Audit Metadata