objective
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use `gh` (GitHub CLI) and `erk` (environment-specific CLI) to automate issue management, progress tracking, and the creation of implementation plans. These operations are consistent with the skill's stated purpose of coordinating complex, multi-PR workflows.
- [PROMPT_INJECTION]: The instructions include specific behavioral requirements, such as mandating that the agent ask the user before closing an objective. These are functional constraints for the skill's logic and do not represent attempts to override core safety filters.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting external data from GitHub.
  • Ingestion points: The agent reads issue bodies and comment history via `gh issue view --comments` (referenced in `references/workflow.md`).
  • Boundary markers: No specific delimiters or instructions are provided to the agent to treat issue content as untrusted or to ignore embedded instructions.
  • Capability inventory: The agent can execute shell commands (`gh`, `erk`), modify issue states, and generate implementation plans.
  • Sanitization: No evidence of validation or sanitization of the ingested GitHub data was found in the skill configuration.