yeet
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted data from external repositories.
- Ingestion points: Processes repository discussion templates (references/create-discussion.md), git diffs, and commit messages (references/create-pr.md, references/update-pr.md).
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore instructions potentially embedded in the external data.
- Capability inventory: The skill can execute
ghcommands to create or edit discussions, pull requests, and issues, andgitcommands to push code. - Sanitization: Absent. The agent is encouraged to analyze the semantic meaning of code changes and descriptions, which may lead to the interpretation of malicious instructions within the data.
- Data Exposure (SAFE): The
scripts/get-macos-version.shscript reads/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/en.lproj/OSXSoftwareLicense.rtfto extract the macOS marketing name. This is a read-only access to a non-sensitive system file for metadata purposes and does not constitute a security risk.
Audit Metadata