pre-work-research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It is designed to read and process external, untrusted content (issue descriptions, READMEs, and source code) and then perform write operations based on that content.
  • Ingestion points: Processes issue descriptions in Step 1 and reads various repository files using cat and grep in Steps 2 and 3.
  • Boundary markers: Absent. There are no instructions to the agent to treat the researched content as data rather than instructions, nor are there delimiters used when processing this data.
  • Capability inventory: The skill uses gh issue comment to post research summaries to GitHub and executes multiple shell commands (ls, cat, grep, find).
  • Sanitization: Absent. The findings from untrusted sources are directly incorporated into the research summary and GitHub comments without validation or escaping.
  • [COMMAND_EXECUTION] (LOW): The skill frequently uses shell commands to navigate and read the filesystem. While the commands themselves (cat, grep, ls, find) are standard, they provide a mechanism for the agent to interact with the environment in ways that could be manipulated if the search terms or file paths are influenced by malicious input.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:48 AM