autonomous-coding-agent

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the claude CLI via child_process.spawn to perform automated coding tasks.
  • [PROMPT_INJECTION]: Vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Untrusted data enters the agent context through the prompt argument in the codex_execute tool and the github.event.issue.body in the GitHub Actions example.
  • Boundary markers: No boundary markers or protective instructions are present to separate system instructions from untrusted user content.
  • Capability inventory: The invoked claude CLI has extensive capabilities, including file system access and shell command execution.
  • Sanitization: The implementation includes sanitizePrompt, but it only filters shell metacharacters (` and $) and does not sanitize the natural language content for malicious instructions.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the @modelcontextprotocol/sdk Node.js package, the well-known SDK published by the Model Context Protocol project.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 01:36 PM