chain-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for processing external data such as CI logs, repository metadata, and web content, creating an indirect prompt injection surface.
  - Ingestion points: Data enters the agent context through CLI tools like gh and network tools like WebFetch.
  - Boundary markers: The provided templates do not explicitly include delimiters or instructions to ignore embedded commands in the ingested data.
  - Capability inventory: The patterns involve high-privilege capabilities such as agent spawning (Agent), task scheduling (CronCreate), and shell command execution.
  - Sanitization: No sanitization or validation logic is specified for interpolated variables like repository names or PR numbers.
- [COMMAND_EXECUTION]: The documentation includes patterns for scheduling recurring tasks using CronCreate and the /loop command.
  - Evidence: Examples include executing shell commands such as 'npm test' and 'gh pr checks'.
  - Mitigation: The skill includes best practices such as ensuring CronDelete conditions are met to prevent persistent background processes.