work
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from `$ARGUMENTS` and external resources (URLs, issues, PRs) to drive its execution logic, which is susceptible to indirect prompt injection.
- Ingestion points: Task description and referenced external URLs/issues parsed in `SKILL.md` (Step 1).
- Boundary markers: None identified; instructions do not specify delimiters for untrusted content.
- Capability inventory: File reading and writing (Step 3), execution of verification commands (Step 3, 4c), and spawning subagents (Step 4b).
- Sanitization: No explicit sanitization, validation, or escaping of input data is mentioned.
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute arbitrary system commands for code verification and integration testing.
- Evidence: The agent is directed to run formatters, linters, targeted tests, and type checks on touched files and modules (Step 3 and Step 4c).
- [NO_CODE]: This skill consists solely of instructions within `SKILL.md` and does not include any accompanying scripts, binaries, or configuration files.
Audit Metadata