
contribute-rule

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the files it analyzes.
      • Ingestion points: Reads project files like CLAUDE.md, .claude/rules/, and the general codebase to extract knowledge (Step 2).
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed data during its summarization phase.
      • Capability inventory: The skill can execute shell commands via git and gh CLI to create commits and Pull Requests (Step 5).
      • Sanitization: There is no automated sanitization or escaping of the ingested content before it is used to populate the Pull Request body.
  • [DATA_EXFILTRATION]: The skill reads local project information and transmits it to a public GitHub repository. This functionality is intended for rule contribution but carries a risk of accidental data exposure. Mitigation is provided through a mandatory review step and instructions to remove credentials, PII, and internal domain names.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (git, gh) to perform repository operations such as cloning, committing, and creating Pull Requests. These actions are triggered after user confirmation.
  • [EXTERNAL_DOWNLOADS]: The skill clones the TBSten/skills repository to retrieve a rule-creation guide (add-rule.md). This establishes a dependency on remote content from the author's repository.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 06:23 AM