pr

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the processing of untrusted external data (pull request descriptions and code), creating an attack surface for indirect prompt injection.
    • Ingestion points: Data enters the context via Read, Grep, and gh (GitHub CLI) commands used to inspect pull request content, commit history, and metadata.
    • Boundary markers: The instructions lack explicit boundary markers or directives (e.g., XML tags or clear delimiters) to instruct the AI to ignore potentially malicious commands embedded in pull request content.
    • Capability inventory: The agent is granted access to file system tools (Read, Glob, Grep) and a restricted subset of bash commands (git and gh) as specified in the allowed-tools section of SKILL.md.
    • Sanitization: There are no defined processes for sanitizing, validating, or escaping retrieved content before it is processed by the AI agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 03:59 AM