Skills
skills/vanilla-bar/kernel/think/Gen Agent Trust Hub

think

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh issue view) to fetch issue metadata and content based on user-supplied arguments.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from GitHub issues that could influence the agent's behavior.
  • Ingestion points: Untrusted data enters the agent context via the output of the gh issue view command in SKILL.md.
  • Boundary markers: The instructions do not define explicit delimiters or security markers to separate untrusted issue content from the agent's instructions.
  • Capability inventory: The skill possesses the ability to perform web searches, read the entire codebase, and write to files within the docs/specs/ and docs/decisions/ directories.
  • Sanitization: There is no evidence of sanitization or validation performed on the retrieved issue title or body before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 12:05 PM