kh-assistant
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from public GitHub issues and discussions using the gh CLI. Maliciously crafted content in these public forums could attempt to manipulate the agent's behavior or decision-making during debugging workflows.
- Ingestion points: Results from gh issue list and GitHub discussions API.
- Boundary markers: The skill does not specify the use of delimiters or specific instructions to treat retrieved content as untrusted data.
- Capability inventory: The agent is authorized to execute terraform, gh, grep, and other CLI tools.
- Sanitization: There are no explicit steps provided to sanitize or filter the content fetched from external sources.
- [COMMAND_EXECUTION]: The skill's operational model relies on the execution of several CLI tools, including terraform, gh, and grep, to manage infrastructure configurations and fetch project metadata. While these tools are central to the skill's purpose, they represent an active command execution surface that requires oversight of input arguments.
Audit Metadata