org-standards
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script located at
~/.claude/scripts/org-standards.shto gather repository configurations. It also utilizes the GitHub CLI (gh) and Git worktree commands to manage branches and pull requests. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of processing untrusted data.
- Ingestion points: The skill reads and compares files across multiple repositories (e.g.,
.lintr, CI workflows,README.md) and monitors GitHub PR reactions and comments for state transitions (Phase 6). - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the scanned files are defined.
- Capability inventory: The agent possesses significant capabilities, including the ability to modify local files via Git worktree, push code to remote repositories, and create/manage pull requests using the GitHub CLI.
- Sanitization: There is no evidence of sanitization or validation of the content read from external repositories before it is used to influence the agent's logic for propagating fixes.
Audit Metadata