skills/allenai/asta-plugins/preview/Gen Agent Trust Hub

preview

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the GitHub CLI (gh api) to modify repository branch protection rules. Specifically, it provides commands to overwrite existing protection on the main branch, setting required_approving_review_count to zero and removing review restrictions. This practice significantly reduces the security of the repository by allowing unreviewed code merges.
  • [EXTERNAL_DOWNLOADS]: The provided GitHub Actions workflow (assets/docs.yml) downloads and executes code from quarto-dev/quarto-actions/setup@v2. While common for Quarto projects, this represents an external dependency outside the immediate control of the user or the skill author.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8):
      • Ingestion points: The skill processes .qmd files and captures output from quarto render into quarto-render.log (referenced in assets/docs.yml).
      • Boundary markers: None are defined to separate user-controlled document content from agent instructions.
      • Capability inventory: The skill uses gh api for repository configuration and git push for deployment within the CI/CD pipeline.
      • Sanitization: No sanitization or validation of the rendered content or logs is performed before they are processed by the agent or the CI environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 12, 2026, 06:46 AM