implement
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its reliance on external and local data sources for instructions.
  - Ingestion points: Content is retrieved from GitHub issues using `gh issue view` and from local implementation files at `tmp/issues/<issue番号>/plan.md`.
  - Boundary markers: No specific delimiters or instructions to ignore embedded prompts are defined in the skill logic.
  - Capability inventory: The skill has broad system access through the `Bash`, `Write`, `Edit`, and `Task` tools, which can be misused if malicious instructions are processed.
  - Sanitization: There is no validation or sanitization of ingested content before it informs the agent's implementation steps.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to perform development operations, including fetching issue data, committing changes via git, and executing project-specific test suites.
- [EXTERNAL_DOWNLOADS]: Retrieves issue information and metadata from GitHub's official services using the `gh` command-line utility.
Audit Metadata