complete-milestone

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (.claude/skills/gh/scripts/github_project_setup.py) via the uv run command to manage GitHub resources. It uses this to create milestones, reassign issues, and update Project V2 statuses.
  • [EXTERNAL_DOWNLOADS]: The use of uv run to execute the automation script may trigger the download and installation of necessary Python dependencies from the Python Package Index (PyPI).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from GitHub (such as milestone titles and issue summaries) that could contain malicious instructions.
      • Ingestion points: Untrusted data is retrieved from GitHub via the backlog_list_milestones and backlog_list_issues tools as described in Step 1 of the workflow.
      • Boundary markers: No explicit delimiters or instructions are used to isolate the ingested GitHub content from the agent's logic.
      • Capability inventory: The skill possesses the ability to modify the GitHub repository's state, including closing milestones and reassigning issues via shell commands.
      • Sanitization: There is no evidence of sanitization or validation performed on the milestone titles or issue content before they are used in the workflow or passed as arguments to the execution script.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:40 AM