acceptance-check

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: In Step 3, the skill is instructed to execute shell commands extracted directly from the body of a GitHub issue (e.g., 'make help'). The extracted commands are not sanitized or validated, so an attacker can execute arbitrary malicious code by modifying the issue's acceptance criteria section.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it ingests and acts upon untrusted data from an external source.
      • Ingestion points: The gh issue view command in Step 1 retrieves the full issue body, which is then used to derive execution instructions.
      • Boundary markers: The agent is given no markers or instructions to treat the issue content as untrusted data or to distinguish it from its own instructions.
      • Capability inventory: The skill can execute shell commands and perform file system operations (test, readlink, grep).
      • Sanitization: No validation or sanitization is performed on the extracted checklist items before they are passed to the shell for execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 11, 2026, 08:21 AM