Skills
skills/troykelly/claude-skills/acceptance-criteria-verification/Gen Agent Trust Hub

acceptance-criteria-verification

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to execute commands like gh, pnpm, and npx. It performs shell interpolation of variables (such as ISSUE_NUMBER or test pattern) that are parsed from external GitHub issues. This presents a risk of command injection if the input data contains shell metacharacters (e.g., backticks or dollar signs).
  • [EXTERNAL_DOWNLOADS] (LOW): The skill invokes npx playwright to run E2E tests. This may trigger the download of browser binaries or npm packages at runtime. While the source (Microsoft/npm) is considered trustworthy under [TRUST-SCOPE-RULE], it remains a dynamic execution vector.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from GitHub issue bodies to define its execution plan. 1. Ingestion points: Issue body retrieved via gh issue view. 2. Boundary markers: None identified; criteria are parsed directly from text patterns. 3. Capability inventory: Full Bash access, test execution, and GitHub issue modification permissions. 4. Sanitization: No explicit sanitization of the extracted criteria is performed before they are interpolated into shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:10 PM