git-kb-capture

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from a remote repository to guide its behavior.
      • Ingestion points: The scripts/gh_kb_helper.sh script reads markdown content and directory structures from a GitHub repository via gh api and base64 decoding.
      • Boundary markers: Neither SKILL.md nor the helper script implements delimiters or "ignore instructions" warnings when processing the retrieved content.
      • Capability inventory: The skill can execute shell commands, create or modify files on the local filesystem, and commit changes to a remote GitHub repository.
      • Sanitization: The fetched repository content is not sanitized or validated before the agent uses it to determine organization patterns or suggest new note content.
  • [COMMAND_EXECUTION]: The skill relies on a bundled bash script (scripts/gh_kb_helper.sh) to perform GitHub operations. The workflow instructions include shell templates such as echo "{markdown_content}" > /tmp/kb-note.md. If the agent's execution environment does not handle the substituted content properly, shell metacharacters in the discussion content could lead to command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 01:06 PM