drive
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/milestone_status.py executes the GitHub CLI (gh) using subprocess.run to fetch repository and milestone data. The execution uses a list of arguments without a shell, which is a secure practice for calling external binaries.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it fetches milestone descriptions and issue titles from GitHub, which are then processed by the agent. This is a standard risk for tools interacting with external data.
- Ingestion points: GitHub milestone descriptions and issue lists fetched by scripts/milestone_status.py.
- Boundary markers: Not present. The agent processes the raw content returned from the GitHub API.
- Capability inventory: The skill involves reading repo state, creating branches, and updating PRs/issues via the GitHub CLI.
- Sanitization: No specific sanitization or escaping of the fetched GitHub text is performed.
- [SAFE]: All network activity is directed toward GitHub, a well-known service, and the script's local file operations are limited to discovering the project root and validating existence of project documentation.
Audit Metadata