pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability via GitHub issue content.
- Ingestion points: The skill uses
gh issue viewin Phase 1 to fetch external data (issue title/body) which is then used as input for Haiku and Sonnet agents. - Boundary markers: The prompt lacks delimiters or specific instructions to the sub-agents to ignore instructions embedded within the issue body.
- Capability inventory: The skill has extensive capabilities, including executing shell commands (
git,gh, test runners, linters), creating files, and modifying the codebase. - Sanitization: No evidence of sanitization or filtering of the fetched issue content before it is passed to the implementation agents.
- COMMAND_EXECUTION (LOW): The skill performs shell command interpolation using the
$ARGUMENTSvariable (e.g.,git checkout -b issue-$ARGUMENTS,gh issue view #$ARGUMENTS). While usually managed by the execution environment, direct interpolation into shell strings without validation presents a risk of command injection if the input contains shell metacharacters.
Audit Metadata