skills/csark0812/toolbox/investigate/Gen Agent Trust Hub

investigate

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it is designed to ingest and process potentially untrusted content from the repository (code, documentation, and data) to influence its reasoning and findings.\n
  • Ingestion points: The protocol explicitly requires the agent to read "actual code, the actual source document, or the actual data" from the workspace to confirm or refute hunches (SKILL.md).\n
  • Boundary markers: There are no instructions or delimiters provided to guide the agent in ignoring instructions that might be embedded within the files being analyzed.\n
  • Capability inventory: The skill utilizes tools with shell command execution capabilities, including bun for validation, the gh CLI for pull request management, and Linear MCP for project tracking (references/output-schema.md, references/agent-routing.md).\n
  • Sanitization: No sanitization or filtering of the material is performed before it is analyzed by the agent.\n- [COMMAND_EXECUTION]: The skill integrates with several standard development utilities that execute shell commands on the local system for validation and task management.\n
  • Evidence: The documentation describes workflows involving bun run validate:changed, docker, and the gh CLI for environment-specific testing and artifact handling (references/agent-routing.md, references/output-schema.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 05:20 PM
Security Audit — agent-trust-hub — investigate