team-feature
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes external content that could contain malicious instructions. Ingestion points: The skill reads external data from GitHub issues, pull requests, and git diffs using gh and git commands (SKILL.md). Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded commands when passing this data to subagents. Capability inventory: The skill can spawn general-purpose subagents and execute CLI commands. Sanitization: Absent; the ingested content is used directly as context for analysis and implementation tasks.
- [COMMAND_EXECUTION]: The skill uses local CLI tools to retrieve development context. Evidence: Uses git diff, gh pr view, and gh issue view to gather feature specifications (SKILL.md). Context: These commands are used for their intended purpose in a development workflow and are considered safe.
Audit Metadata