Skills
skills/phrazzld/claude-config/log-bitcoin-issues/Gen Agent Trust Hub

log-bitcoin-issues

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill assembles shell commands using findings from an external audit tool. Specifically, the gh issue create operation uses findings to populate the body and title. Without explicit sanitization, malicious findings could inject shell operators or flags into the gh command line execution.- [PROMPT_INJECTION] (HIGH): High-risk Indirect Prompt Injection (Category 8) vulnerability.
  • Ingestion points: Findings data ingested from the /check-bitcoin skill in Step 1.
  • Boundary markers: Absent. The process does not use delimiters or instructions to prevent the agent from obeying instructions embedded within the findings.
  • Capability inventory: Full access to the gh CLI, allowing for repository modification (issue creation, listing).
  • Sanitization: Absent. There is no evidence of validation or escaping for the finding content before it is interpolated into shell commands.- [DATA_EXFILTRATION] (MEDIUM): The skill is designed to log P0 security issues, such as private keys found in the repo. By automatically posting these secrets into GitHub issues, it may inadvertently increase the exposure of sensitive credentials to a wider audience or third-party integrations monitoring the issue tracker.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:57 AM