source-triage

Fail

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The LOG.md file (item #145) references the domain interface-design.dev as a visual design system model. This domain has been flagged as a phishing site by automated security scans. Since the skill's instructions for Flow 2 direct the agent to 'Study it at the source,' there is a risk that the agent or user may be directed to this malicious domain, potentially leading to credential theft or malware exposure.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and shell commands to fetch data from external repositories (gh issue list, gh api graphql, gh api repos/commits). While these are functional components of the triage tool, they involve the execution of commands that process data from arbitrary external sources.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted external data.
      ◦ Ingestion points: Content from GitHub issues, discussions, and commit messages from external repositories is read into the agent context in Flow 1 and Flow 2.
      ◦ Boundary markers: The instructions do not define boundary markers or 'ignore' instructions for the external content.
      ◦ Capability inventory: The skill uses the gh CLI and has the ability to read and write local repository files (e.g., LOG.md, CLAUDE.md).
      ◦ Sanitization: No sanitization or validation of the fetched external content is described in the workflow, allowing malicious instructions embedded in issues or commits to potentially influence the agent.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 20, 2026, 03:46 PM
Security Audit — agent-trust-hub — source-triage