Skills
skills/mysticaltech/terraform-hcloud-kube-hetzner/fix-issue/Gen Agent Trust Hub

fix-issue

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external GitHub issue data.
  • Ingestion points: Fetches issue descriptions and comments via gh issue view in Step 1.
  • Boundary markers: No delimiters or protective instructions are used to separate ingested content from system commands.
  • Capability inventory: Includes shell command execution, file system modification, terraform plan execution, and git push to remote repositories.
  • Sanitization: None. The skill explicitly instructs the agent to read all comments, which increases the exposure to malicious payloads.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a wide range of shell commands including git, terraform, and GitHub CLI. In Step 4, the <issue description> is interpolated directly into command lines for the codex tool, creating a potential command injection surface if the description contains shell metacharacters.
  • [DATA_EXFILTRATION]: The skill guides the agent to read core configuration files (variables.tf, locals.tf) and push code to a remote repository. While intended for legitimate fixes, this capability could be subverted to exfiltrate project logic or secrets if the agent is compromised via indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 11:51 PM