Skill: skills/goffity/claude-km-skill/dev-km

dev-km

Status: Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE

Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8).
      • Ingestion points: skills/pr-review/SKILL.md fetches review comments via gh api; scripts/pr-review-poll.sh fetches review states via GitHub APIs.
      • Boundary markers: Absent in raw data ingestion, but the instructions explicitly mandate the use of quoted heredocs (<<'EOF') in shell commands to prevent the expansion of untrusted external content.
      • Capability inventory: The skill has extensive capabilities, including git operations, GitHub CLI interaction, network access via curl, and the ability to spawn new CLI instances.
      • Sanitization: scripts/notify.sh implements an alphanumeric whitelist for strings sent to macOS notifications.
  • [COMMAND_EXECUTION]: High-Autonomy CLI Spawning (Category 10).
      • The pr-poll daemon (scripts/pr-review-poll.sh) can be configured with --auto-respond to automatically spawn the claude CLI using --permission-mode bypassPermissions. This allows the agent to autonomously address review feedback, which is a high-autonomy behavior that processes untrusted input.
  • [CREDENTIALS_UNSAFE]: Credential Management (Category 2).
      • The skill handles Jira API tokens and Anthropic API keys. It follows standard secret management practices by recommending environment variables or local configuration files (.jira-config), which are automatically added to .gitignore during initialization.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 02:33 PM