changelog
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external data from GitHub into the agent's context without sanitization.
- Ingestion points: The skill reads pull request descriptions, labels, and issue details from GitHub using the gh command-line tool.
- Boundary markers: No delimiters or safety instructions are provided to distinguish between system instructions and data retrieved from the repository.
- Capability inventory: The agent has access to gh cli (read) and curl (write to webhooks), which could be leveraged by injected instructions to exfiltrate data or perform unauthorized actions.
- Sanitization: The skill lacks logic to validate or escape external content before processing.
- [DATA_EXFILTRATION]: The skill provides instructions to configure a Discord webhook for automatic updates. While user-controlled, this allows internal code changes and deployment details to be transmitted to an external service.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using gh cli for repository interaction and curl for network requests.
Audit Metadata