apply-all-findings

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill possesses an indirect prompt injection surface. It is designed to ingest findings from a 'comprehensive-review' artifact and use that data to drive subsequent automated actions, including shell command execution and file modifications.
  • Ingestion points: Data enters the agent context through the 'comprehensive-review' output and GitHub issue descriptions.
  • Boundary markers: No specific delimiters or 'ignore embedded instruction' warnings are present to isolate finding text from the workflow instructions.
  • Capability inventory: The skill utilizes powerful tools including 'Bash' for arbitrary command execution, 'Edit' and 'Write' for file system access, and 'mcp__github__*' for repository and issue management.
  • Sanitization: The skill lacks explicit instructions for the agent to sanitize or escape finding text before interpolating it into sensitive contexts, such as the arguments for 'gh issue create' commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:08 PM