implement
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to interact withgitand the GitHub CLI (gh) for operations such asgh issue view,git commit,git push, andgh pr create. Risks associated with command execution are mitigated by a mandatory user approval step before any changes are committed or pushed to a remote repository.\n- [EXTERNAL_DOWNLOADS]: The agent is directed to fetch data from remote sources, specifically GitHub issues and external web pages viaWebFetchandWebSearch, which is necessary for gathering feature requirements and context.\n- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it incorporates instructions and data from external sources into its workflow.\n - Ingestion points: Content retrieved from GitHub issues, project documentation, and web search results.\n
- Boundary markers: Absent; the instructions do not define clear delimiters or provide warnings to the agent to disregard instructions embedded within external context.\n
- Capability inventory: The skill has access to
Bash(shell execution),Write/Edit(filesystem modification), andWebFetch(network access).\n - Sanitization: Absent; there is no explicit filtering or validation of the external content before it is used to guide the implementation process.\n- [SAFE]: The skill demonstrates safe behavior by explicitly instructing the agent to exclude sensitive files like
.env, credentials, and tokens when staging files for a commit.
Audit Metadata