ghwf5-implement
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI to retrieve external issue and pull request data.
- Evidence: Executes "gh issue view" and "gh pr view" to fetch context for the implementation steps.
- [COMMAND_EXECUTION]: The skill automates Git operations to manage code changes and synchronize with remote repositories.
- Evidence: Executes "git add", "git commit", and "git push" as part of the implementation loop.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by executing instructions derived from an external file.
- Ingestion points: Reads implementation instructions and step details from "03_PLAN.md" and "state.json".
- Boundary markers: No explicit markers or warnings are used to distinguish the plan content from system instructions or to ignore embedded commands.
- Capability inventory: The agent has permissions to write code to the local file system, execute shell commands (Git/GH CLI), and push data to remote repositories.
- Sanitization: There is no evidence of sanitization, validation, or structural enforcement for the content read from the plan file before it influences agent behavior.
Audit Metadata