feature-branch
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to interact with git and the GitHub CLI (gh).
  - Evidence: The instructions in SKILL.md specify the use of gh issue view, gh issue list, git fetch, and git checkout to manage feature branches.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data from external GitHub issues.
  - Ingestion points: Untrusted data enters the context through the gh issue view and gh issue list commands used in Step 1 of SKILL.md.
  - Boundary markers: Absent. The skill does not use delimiters or specific instructions to isolate or ignore potentially malicious content within the fetched issue data.
  - Capability inventory: The skill has the capability to execute commands via the Bash tool, including branch creation and checkout operations based on issue summaries.
  - Sanitization: Absent. Although the instructions request kebab-case formatting for branch names, there is no programmatic sanitization or validation of the external issue content before it is used.
Audit Metadata