github-url-intercept
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong imperative language such as 'BLOCKING INTERCEPT' and 'STOP' to override the agent's default behavior for handling web links. While functional for token optimization, these markers match instruction-overriding patterns.
- [PROMPT_INJECTION]: The skill processes untrusted GitHub URLs, creating an indirect prompt injection surface. Ingestion points: External URLs from user prompts are parsed by the scripts/test_url_routing.py utility. Boundary markers: The skill instructs the agent to return and process structured JSON output. Capability inventory: The skill can execute local Python scripts and the GitHub CLI (gh api). Sanitization: The routing script implements specific regex validation and character filtering (CWE-78 mitigation) to prevent command injection from malformed URL paths or repository names.
- [COMMAND_EXECUTION]: The skill provides the agent with specific shell commands to execute python3 scripts and gh api requests using parameters extracted from user-provided URLs.
Audit Metadata