Skills
skills/anupam-io/sprint-skills/sprint/Gen Agent Trust Hub

sprint

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It retrieves and processes data from GitHub issues which could contain adversarial instructions designed to hijack the sub-agent's behavior.
  • Ingestion points: The runner script run-sprint.sh instructs the sub-agent to execute gh issue view $NUM to read the task scope.
  • Boundary markers: There are no protective delimiters or explicit instructions provided to the sub-agent to ignore potential commands embedded within the issue content.
  • Capability inventory: The sub-agent is executed via the claude CLI with the --dangerously-skip-permissions flag, granting it full filesystem access and the ability to execute shell commands, perform git operations, and merge code.
  • Sanitization: No sanitization or filtering is performed on the issue content before it is consumed by the sub-agent.
  • [COMMAND_EXECUTION]: The skill relies extensively on executing external system commands to manage the sprint workflow.
  • Evidence: The run-sprint.sh script executes gh for GitHub interactions and claude for code implementation. The pretty.py script uses subprocess.run and subprocess.Popen to manage the pkill and say utilities on macOS.
  • [EXTERNAL_DOWNLOADS]: The skill requires several external tools and packages to function.
  • Evidence: The doctor command in run-sprint.sh checks for the presence of gh (GitHub CLI), @anthropic-ai/claude-code, node, jq, and git. While these are well-known developer tools, their installation and use are central to the skill's operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 07:44 AM
Security Audit — agent-trust-hub — sprint