dev
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external sources.
- Ingestion points: Untrusted data enters the agent context via GitHub issue content identified by the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: There are no delimiters or instructions to ignore instructions embedded within the fetched issue content, increasing the risk of the agent obeying malicious commands.
- Capability inventory: The skill is granted powerful capabilities including
Bash,Write,Edit, and theSkilltool (for calling sub-skills like/implement), which could be misused if the agent follows instructions found in a malicious GitHub issue. - Sanitization: There is no evidence of sanitization, validation, or escaping of the content retrieved from the GitHub issue before it is used to drive the implementation and PR creation steps.
Audit Metadata