Skills
skills/troykelly/codex-skills/project-status-sync/Gen Agent Trust Hub

project-status-sync

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection (Category 8) due to its data-handling patterns.
  • Ingestion points: The skill reads external data from GitHub using gh project item-list and gh project field-list in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within issue content are present.
  • Capability inventory: The skill possesses write capabilities via gh project item-edit, allowing it to modify project status, numbers, and text fields.
  • Sanitization: While jq is used for parsing JSON structure, there is no explicit sanitization of the values being written back to GitHub fields if they originate from untrusted issue descriptions.
  • COMMAND_EXECUTION (LOW): The skill relies heavily on shell command execution using the GitHub CLI (gh) and jq. The provided templates use placeholders like [PROJECT_NUMBER] and [ISSUE_NUMBER]. If the parent agent interpolates these values without strict validation or quoting, it could lead to local command injection on the runner executing the skill.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 06:20 AM