pre-work-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites and local files without explicit sanitization or boundary markers.
  - Ingestion points: External content via `WebFetch` and `WebSearch` (Step 4), and local repository files via `cat` and `grep` (Steps 2 and 3).
  - Boundary markers: None identified in the provided instructions; data is processed directly into the agent's context.
  - Capability inventory: File system reading (`cat`, `grep`, `ls`, `find`) and the ability to post comments to GitHub issues (`gh issue comment`).
  - Sanitization: No sanitization or validation of external content is specified before the agent processes it.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard command-line tools for codebase navigation and documentation retrieval.
  - Evidence: Usage of `ls`, `cat`, `find`, `grep`, `pnpm info`, and `gh` is consistent with the skill's stated purpose of repository research and is not considered malicious.
Audit Metadata