Skills
skills/carlitose/agent-skills/execute-issue/Gen Agent Trust Hub

execute-issue

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx ctx7@latest for documentation lookup. This command downloads and executes an external package from the NPM registry at runtime.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing issue data from untrusted sources (GitHub, Linear, local files, or pasted text).
  • Ingestion points: SKILL.md (Step 1) specifies reading problem descriptions and criteria from external trackers and local Markdown files.
  • Boundary markers: The instructions lack delimiters or explicit constraints to distinguish between the issue's data and the agent's instructions, potentially leading the agent to follow instructions embedded within the issue itself.
  • Capability inventory: The agent is granted permission to explore the repository, execute build and test commands, and perform git commits.
  • Sanitization: No validation or sanitization of the issue text is described before the agent acts upon it.
  • [COMMAND_EXECUTION]: The skill executes project-specific commands (e.g., tests, build, lint, format) found within the repository's configuration files, which could lead to arbitrary code execution if the repository contains malicious scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 11, 2026, 10:39 AM