Skills
skills/generaljerel/chalk-skills/work-issue/Gen Agent Trust Hub

work-issue

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub issues.
  • Ingestion points: Fetches issue titles and bodies via gh issue view (Workflow step 1).
  • Boundary markers: No explicit markers are used to separate untrusted issue content from agent instructions.
  • Capability inventory: The agent can execute shell commands via the Bash tool and read local files.
  • Sanitization: No sanitization is specified for issue content before it is used to analyze scope or generate branch names.
  • [COMMAND_EXECUTION]: Uses the Bash tool to run git commands, including branch creation.
  • Evidence: Workflow step 3 instructs the agent to create a branch using git checkout -b with a name derived from the issue title. This presents a minor risk of command injection if the agent fails to sanitize shell metacharacters in the title.
  • [EXTERNAL_DOWNLOADS]: Communicates with GitHub via the gh CLI.
  • Evidence: Workflow step 1 uses gh issue view to retrieve metadata. This is a trusted and expected operation for the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 08:10 AM