snap-resolve
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: SKILL.md (Step 1 Fetch) gathers content from PR titles, bodies, comments, review threads, and recursively fetches data from linked issues, discussions, and documentation.
- Boundary markers: Absent. The instructions do not define delimiters or specific warnings to ignore instructions embedded in the fetched content.
- Capability inventory: The skill executes shell commands via the
ghCLI (references/ci-checks.md, references/thread-resolution.md), runs verification commands (SKILL.md), and performs TDD cycles (references/tdd-cycle.md). It also executes GraphQL mutations on GitHub. - Sanitization: Absent. There is no evidence of filtering or sanitizing external content before it influences the agent's planning or command execution.
- [COMMAND_EXECUTION]: Shell Command Execution
- The skill frequently uses the
ghCLI to interact with GitHub repositories, view run logs, and execute GraphQL queries/mutations. - The workflow requires executing verification commands and running test suites during the TDD cycle, which are derived from the context of the issues being resolved.
Audit Metadata