github-prior-art

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by directing the agent to ingest and analyze external content.
  • Ingestion points: In SKILL.md, the 'Research Process' section instructs the agent to use a search tool to retrieve content from github.com, including code, issues, and discussions.
  • Boundary markers: The instructions do not define clear delimiters or provide 'ignore embedded instructions' warnings for the data retrieved from external repositories.
  • Capability inventory: While the skill does not use execution tools, it processes external data to influence its technical recommendations and architecture designs, which could be manipulated by an attacker who controls a GitHub repository or issue comment.
  • Sanitization: The skill lacks any requirement for the agent to sanitize, filter, or validate the safety of the text fetched from GitHub before it is incorporated into the session context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 03:41 PM