oh-task
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill relies on standard version control and repository management utilities (git, gh) to interact with GitHub.
- [COMMAND_EXECUTION]: The skill executes local build and validation tools based on the project type (e.g., cargo, npm, go) and a review utility (sg). This execution is limited to the isolated worktree created for the specific issue and is necessary for validating code changes.
- [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issue descriptions and PR comments, creating an indirect prompt injection surface.
- Ingestion points: Reads GitHub issue content via 'gh issue view' and developer/bot reviews via 'gh pr view --comments'.
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the ingested issue text.
- Capability inventory: The skill has capabilities to modify files, execute shell commands (git, build tools), and interact with remote repositories (git push, gh pr create).
- Sanitization: No input validation or sanitization of the externally sourced issue text or comments is performed before processing.
Audit Metadata