correct-course
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes GitHub CLI commands (
gh issue close,gh issue comment) and file system operations (deletion) to manage repository state. These actions are the primary purpose of the skill and are gated behind manual user confirmation for each item. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads data from external sources like GitHub issues and research archives to determine which artifacts are stale.
- Ingestion points: Reads GitHub PRD and slice issues, and research archive entries in
~/.claude/research/(SKILL.md, Step 2). - Boundary markers: Absent; the instructions do not specify delimiters or tell the agent to ignore instructions within the ingested data.
- Capability inventory: The skill can perform file deletions and modify GitHub issue states via the
ghtool. - Sanitization: No explicit sanitization or content validation is performed on the data read from external sources.
- Mitigation: The risk is addressed by the skill's design, which mandates a 'one question per turn' interaction model and explicit user approval for every individual cleanup action.
Audit Metadata