ghwf2-spec
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'git' and 'gh' (GitHub CLI) to read issue data, commit generated documents, and update issue labels. It pushes changes to the repository automatically without manual confirmation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and incorporates external GitHub issue comments into the specification generation process. Evidence Chain:
  1. Ingestion points: GitHub issue body and comments fetched via 'gh issue view'.
  2. Boundary markers: No specific delimiters or safety instructions are defined to separate user/issue content from the agent's instructions.
  3. Capability inventory: File system read/write access and the ability to push commits to a remote repository.
  4. Sanitization: The skill does not specify any sanitization or validation logic for the external content retrieved from GitHub.
Audit Metadata