major-task
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Instructions specify running project-level
installorsetupcommands when necessary for task execution. - [EXTERNAL_DOWNLOADS]: The agent is directed to
git cloneexternal library or framework repositories if they are not found locally. - [DATA_EXFILTRATION]: Uses
gh(GitHub CLI) to post comments and update Pull Requests, which involves sending data to GitHub's servers as part of normal task synchronization. - [PROMPT_INJECTION]: The skill ingests untrusted data from issue trackers (GitHub, Linear), creating a surface for indirect prompt injection.
- Ingestion points: Data is fetched from tracker descriptions, comments, and attachments using
gh issue view,gh pr view, or Linear integrations. - Boundary markers: Use of
<task>tags for argument passing provides minimal separation; no specific sanitization is defined for tracker content. - Capability inventory: The skill allows file access, shell command execution (e.g.,
git,gh,install), and network interaction. - Sanitization: There are no instructions for sanitizing or validating the content retrieved from external task trackers.
Audit Metadata