Skills
skills/tanabee/skills/plan/Gen Agent Trust Hub

plan

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via external GitHub issue content.
  • Ingestion points: Data fetched from gh issue view (SKILL.md).
  • Boundary markers: Absent. The instructions do not define delimiters for external content or provide warnings to disregard instructions within the issue.
  • Capability inventory: The skill utilizes Bash, Write, and Task tools, which provide a significant attack surface if the agent is manipulated.
  • Sanitization: No sanitization or content validation is implemented for the issue text.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the GitHub CLI and the local environment. While intended for analyzing the codebase, this capability can be exploited if the agent is misled by malicious input from an external issue.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 12:27 PM