
verify

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interprets content from external GitHub reviews and comments as actionable instructions.
  • Ingestion points: Untrusted data enters the agent context via gh pr view --json reviews and gh api .../comments as defined in SKILL.md and references/workflow-signals.md.
  • Boundary markers: No delimiters or safety warnings are used when interpolating the fetched comment text into the agent's reasoning loop.
  • Capability inventory: The agent can execute git commit, git push, and gh pr comment, which could be exploited if malicious instructions are embedded in PR feedback.
  • Sanitization: The skill lacks sanitization or validation logic for the retrieved comment and review bodies.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via the gh and git CLIs to perform repository management and polling. While these tools are standard, the automation loop is driven by the evaluation of external repository data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 09:06 PM