start-issue
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git commands (
git remote,git checkout,git pull) to manage the repository and updates a local state file using themarshCLI orjqfor atomic writes to~/.config/marshroom/state.json. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) when processing data from the Marshroom state file. Ingestion points: The
issueBodyfield is read from~/.config/marshroom/state.jsonand displayed to the agent. Boundary markers: None; the content is injected into the agent's context without delimiters or instructions to ignore embedded commands. Capability inventory: The skill has the ability to manipulate Git branches, pull code from remotes, and modify local configuration files. Sanitization: No validation or escaping is performed on theissueBodycontent before it is processed by the agent.
Audit Metadata