workon
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
ghCLI and the vendor'smawtool to manage issues and create worktrees. These actions are standard for the skill's purpose and involve well-known or vendor-specific tools. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Untrusted data enters via
gh issue viewinSKILL.md. Boundary markers: None are present to delimit external content or warn against embedded instructions. Capability inventory: The skill can execute shell commands, create GitHub issues, and send messages to other oracles. Sanitization: No escaping or validation is performed on the ingested issue content before it is passed to downstream tasks.
Audit Metadata