skills/rube-de/cc-skills/update/Gen Agent Trust Hub

update

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and acts upon untrusted data from external sources.
      • Ingestion points: The skill fetches issue titles, bodies, and metadata via the gh issue list command in SKILL.md (Step 3).
      • Boundary markers: No explicit delimiters or instructions are used to separate the skill's operational logic from the potentially adversarial content found within the issues.
      • Capability inventory: The skill possesses write-access capabilities to the repository via gh issue close, gh issue edit, and gh issue comment (Step 9), and read-access to the local filesystem via Grep and Glob (Step 5).
      • Sanitization: There is no evidence of data sanitization or validation for the content extracted from issue bodies before it is used to populate tool arguments or influence task categorization.
      • Mitigation: The workflow includes a mandatory interactive approval step (AskUserQuestion in Step 8) for all categories of remediation, which serves as a critical defense-in-depth measure against autonomous exploitation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 05:28 AM