standup-notes
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute GitHub CLI (gh) commands or use GitHub MCP tools to retrieve commits, pull requests, and issues. These operations are standard for tracking developer activity and are restricted to repositories defined in the local configuration file.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the nature of its workflow.
- Ingestion points: The agent reads data from local configuration files (standup.config.md), previous standup notes, and external GitHub data (PR titles, commit messages).
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat fetched external content as data rather than instructions.
- Capability inventory: The agent has the ability to read and write files in the local workspace and execute commands via the GitHub CLI.
- Sanitization: The skill does not implement any validation or sanitization of the content retrieved from GitHub or local files before processing it.
Audit Metadata