w00-workflow-checkpoint

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh) to manage issues (gh issue view, gh issue comment, gh issue list). These commands are used as intended to automate the persistence of workflow states.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external GitHub Issues.
      • Ingestion points: Data enters the agent's context when reading issue content and comments via gh issue view <id> --comments in SKILL.md.
      • Boundary markers: The skill instructions do not define delimiters or specific "ignore embedded instructions" warnings for the content retrieved from GitHub.
      • Capability inventory: The skill possesses the capability to modify remote resources using gh issue comment and gh issue create as described in SKILL.md.
      • Sanitization: There is no specified sanitization, validation, or filtering of the content retrieved from GitHub issues before the agent acts upon it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 02:22 AM