feature-workflow

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it instructs the agent to read and interact with content from external sources (GitHub issues, pull requests, and CI logs). Malicious actors could place instructions inside these external fields to influence the agent's implementation or review process.
  • Ingestion points: The agent reads untrusted external data via gh issue list, gh pr view, and gh run view in SKILL.md.
  • Boundary markers: The instructions do not define clear boundaries or provide warnings to the agent to ignore instructions embedded within the processed issue or PR data.
  • Capability inventory: The agent has extensive shell access to perform actions such as git push, gh pr merge, and npm test across all steps in SKILL.md.
  • Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is processed or used in subsequent commands.
  • [COMMAND_EXECUTION]: The workflow relies on the execution of various shell commands for version control and testing. While these are standard development practices, the agent's ability to run arbitrary project scripts via npm test and npm run test:e2e represents a broad capability surface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 05:13 AM