ghwf1-kickoff
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub issues and pull requests, creating a surface for Indirect Prompt Injection.
- Ingestion points: Fetches issue body, titles, and comments in Phase 1 and Phase 4 using 'gh issue view' and 'gh pr view' from GitHub.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded instructions within the fetched issue content.
- Capability inventory: The skill has permissions to write to the file system, execute Git commits/pushes, and modify GitHub issue labels and Pull Requests.
- Sanitization: No sanitization or filtering of external content is mentioned before the agent uses it for brainstorming or document generation.
- [COMMAND_EXECUTION]: The skill automates several system commands to manage the development environment.
- Executes 'git' commands for branch creation, commits, and pushing to remote repositories.
- Uses the 'gh' CLI to interact with GitHub for viewing and editing issues and pull requests.
- Sources a local initialization script located at '~/.claude/scripts/wf-init.sh'.
Audit Metadata