working-memory-boost
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to perform remote state synchronization. It executes commands to view and update GitHub Issues to serve as a persistent remote storage layer for local task data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from remote GitHub Issues to reconstruct the local environment state.
  - Ingestion points: Content from GitHub Issue bodies and comments is retrieved and parsed in SKILL.md (specifically during the resume flow).
  - Boundary markers: No boundary markers or delimiters are used to isolate the external issue content from the agent's instructional context.
  - Capability inventory: The skill has permissions to write to the file system, manage directories, and execute Git commands based on the parsed state.
  - Sanitization: There is no evidence of validation or sanitization of the remote content before it is used to rebuild local files and state.
Audit Metadata