org-maintenance
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script at
~/.claude/scripts/org-maintenance.shto gather data about git worktrees and open pull requests across repositories. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from PR comments, code diffs, and CI logs to identify and apply 'mechanical fixes'.
- Ingestion points: Untrusted data enters the agent context through PR descriptions, comments, branch code, and CI status outputs.
- Boundary markers: There are no specific delimiters or instructions used to isolate untrusted PR content from the agent's core logic.
- Capability inventory: The agent has the ability to execute local shell scripts, run git/gh commands, and push code changes to remote branches.
- Sanitization: No sanitization or validation of the PR content is mentioned before the agent attempts to resolve issues.
- [PROMPT_INJECTION]: Includes a flow-control instruction marked as 'IMPORTANT' to define exit behavior for standalone requests, which is benign and intended for operational guidance.
Audit Metadata