analysis
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes a local Python script
scripts/analyze_deps.pyvia theBashtool, using a--featureparameter derived from external GitHub issue content. This pattern allows for command injection if the input contains shell metacharacters. - PROMPT_INJECTION (LOW): The skill facilitates indirect prompt injection by ingesting untrusted data from GitHub issues and comments to guide the analysis process. Evidence Chain: 1. Ingestion points:
mcp__github-mcp__get_issueandmcp__github-mcp__get_issue_commentsinSKILL.md. 2. Boundary markers: Absent. 3. Capability inventory:Bashtool and file read/write operations. 4. Sanitization: Absent; the skill lacks explicit instructions to sanitize or escape input from GitHub.
Audit Metadata