self-improvement
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its GitHub integration logic.
  - Ingestion points: The agent retrieves potentially untrusted data (titles, bodies, reviews, comments) from external GitHub pull requests and issues via the `gh` CLI in the `Learning from GitHub PRs and Issues` section.
  - Boundary markers: There are no explicit boundary markers or instructions to isolate this untrusted content from the agent's operational logic during the extraction and logging process.
  - Capability inventory: The skill has the capability to execute shell commands (`gh` CLI) and perform file write operations to critical project files like `CLAUDE.md`.
  - Sanitization: The instructions do not describe any sanitization or validation of the extracted GitHub content before it is promoted to the permanent project memory.
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (`gh`) to fetch data from remote repositories. While this is a functional requirement and uses a well-known tool, it involves executing shell commands with arguments derived from project metadata.
Audit Metadata