project-view-status
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub Project items.
- Ingestion points: The skill fetches project item lists using the 'gh project item-list' command in SKILL.md.
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt instructions.
- Capability inventory: The skill utilizes 'gh' CLI for network data retrieval and command execution.
- Sanitization: There is no evidence of sanitization or validation of the ingested JSON data before report generation.
- [COMMAND_EXECUTION]: The documentation suggests bypassing critical security controls.
- Evidence: In the 'sandbox 環境での実行' section of SKILL.md, the skill recommends using 'GIT_SSL_NO_VERIFY=1'. Disabling SSL/TLS verification is a security best practice violation that exposes the communication to Man-in-the-Middle (MitM) attacks.
Audit Metadata