Skills
skills/avantmedialtd/skills/complete-work/Gen Agent Trust Hub

complete-work

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts content from external project files (openspec/changes/<id>/proposal.md) to use as summaries in git commits and arguments for Jira operations.
  • Ingestion points: Reads openspec/changes/<id>/proposal.md in step 2 of SKILL.md.
  • Boundary markers: Absent. The instructions do not define delimiters for the ingested data or specify that the data should be treated as untrusted.
  • Capability inventory: The skill uses subprocess calls to git commit, af jira transition, and af jenkins build as seen in SKILL.md.
  • Sanitization: Absent. There is no mention of escaping or validating the extracted strings before they are passed to CLI tools.
  • [COMMAND_EXECUTION]: The skill relies heavily on executing shell commands through the git CLI and the af utility (for Jira and Jenkins). While these are standard tools for its intended purpose, the interpolation of untrusted strings (like the <summary> derived from a local file) into command-line arguments like git commit -m "<summary>" represents a risk if the source file contains shell metacharacters.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 01:35 PM