gtm-review

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard project lifecycle commands including pnpm lint, pnpm format:check, pnpm build, and pnpm test. These operations are used to gather data for the quality audit and are consistent with the skill's purpose.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading untrusted content from GitHub issues to build a capabilities matrix and generate reports.
      • Ingestion points: The skill reads issue titles and bodies via gh issue view and gh issue list in SKILL.md.
      • Boundary markers: No explicit delimiters or warnings are used when providing issue content to the sub-agents.
      • Capability inventory: The skill can write back to GitHub via gh issue comment and gh issue edit, and commit files to the local repository.
      • Sanitization: No validation or sanitization of issue content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 09:14 PM