implement
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses shell commands to interact with issue management tools and build systems. Several commands interpolate user-controlled variables like issue IDs and descriptions (e.g., 'bd show '), creating a surface for command injection if input is not properly validated.
- [REMOTE_CODE_EXECUTION]: In 'references/binary-deployment-gate.md', the skill includes a command to download and execute a shell script directly from the author's GitHub repository: 'bash <(curl -fsSL https://raw.githubusercontent.com/boshu2/agentops/main/scripts/install.sh)'. This is a vendor-provided mechanism for maintaining the agentops plugin.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and installation scripts from 'raw.githubusercontent.com' within the author's 'boshu2' organization.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it processes external issue descriptions that drive subagent exploration and implementation logic.
  - Ingestion points: Untrusted data enters the agent context through issue IDs or descriptions retrieved via 'bd show' or provided directly by the user in 'SKILL.md' and 'references/workflow.md'.
  - Boundary markers: There are no explicit delimiters or warnings to isolate the ingested issue content from the agent's core instructions.
  - Capability inventory: The skill has the capability to modify the local filesystem (Edit/Write tools) and execute arbitrary shell commands for testing and building as described in 'references/workflow.md'.
  - Sanitization: The skill does not implement validation or sanitization of ingested issue data before it is used to influence the agent's implementation decisions.