team-test
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands through git and gh (GitHub CLI) to fetch code diffs, pull request metadata, and issue details based on user-provided arguments. This is a standard and expected behavior for a developer-focused agent skill.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes content from potentially untrusted external sources.
  - Ingestion points: External content enters the agent's context through gh pr diff, gh issue view, git show, and local file globbing/reading.
  - Boundary markers: The skill does not define explicit boundary markers or provide instructions to the sub-agents to ignore or isolate instructions that might be embedded within the source code or PR descriptions being analyzed.
  - Capability inventory: The lead agent and sub-agents have the capability to execute shell commands (git, gh), read the local filesystem, and spawn further sub-agents via the Task tool.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the text retrieved from GitHub or local files before it is interpolated into prompts for the sub-agents.
Audit Metadata