github-initiative-pulse

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing external content from GitHub issues, pull requests, and project boards to generate digests.
      ◦ Ingestion points: External data is ingested through ProjectTracker.get_status_report() and GitHub board synchronization, as described in modules/status-digest.md.
      ◦ Boundary markers: The templates provided in modules/github-comment-snippets.md do not explicitly include delimiters or instructions for the agent to ignore embedded commands in the source data.
      ◦ Capability inventory: The skill uses a listed tool, minister-tracker, and references a local CLI script, tracker.py, for data processing.
      ◦ Sanitization: The SKILL.md troubleshooting section includes a manual recommendation for users to check for unescaped characters in task titles if rendering issues occur.
  • [COMMAND_EXECUTION]: The instructions describe the use of a local command-line utility tracker.py for task management and status generation (e.g., tracker.py status --github-comment). These operations are consistent with the skill's primary purpose as a project management and reporting tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 06:22 AM