team-collaboration-issue
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external sources.
  - Ingestion points: The skill reads GitHub issue descriptions and comments using `gh issue view` in `resources/implementation-playbook.md` (lines 20-30).
  - Boundary markers: No boundary markers or 'ignore' instructions are present to distinguish between the skill's instructions and potentially malicious instructions embedded in the issue content.
  - Capability inventory: The skill has extensive shell capabilities, including `git`, `gh` CLI, `npm`, `grep`, `rg`, and the ability to execute local scripts via `git bisect run` (line 45).
  - Sanitization: There is no evidence of sanitization or validation of the issue content before it is processed by the agent.
- [COMMAND_EXECUTION]: The playbook contains several patterns for executing shell commands and scripts.
  - It encourages the use of `gh`, `git`, and `npm` commands, which are necessary for the skill's purpose but increase the attack surface if the agent is manipulated by injected content.
  - The use of `git bisect run ./test_issue.sh` (line 45) executes a script within the local repository, which could be a vector for remote code execution if the repository itself contains malicious test scripts.
- [DATA_EXFILTRATION]: While the skill includes best practices to avoid committing secrets, the agent's broad access to the filesystem and the `gh` CLI creates a risk of data exposure if an attacker provides a malicious issue description designed to harvest credentials or sensitive files.