investigate
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it is designed to ingest and process potentially untrusted content from the repository (code, documentation, and data) to influence its reasoning and findings.\n
- Ingestion points: The protocol explicitly requires the agent to read "actual code, the actual source document, or the actual data" from the workspace to confirm or refute hunches (SKILL.md).\n
- Boundary markers: There are no instructions or delimiters provided to guide the agent in ignoring instructions that might be embedded within the files being analyzed.\n
- Capability inventory: The skill utilizes tools with shell command execution capabilities, including
bunfor validation, theghCLI for pull request management, andLinear MCPfor project tracking (references/output-schema.md, references/agent-routing.md).\n - Sanitization: No sanitization or filtering of the material is performed before it is analyzed by the agent.\n- [COMMAND_EXECUTION]: The skill integrates with several standard development utilities that execute shell commands on the local system for validation and task management.\n
- Evidence: The documentation describes workflows involving
bun run validate:changed,docker, and theghCLI for environment-specific testing and artifact handling (references/agent-routing.md, references/output-schema.md).
Audit Metadata