wjs-looping-feedback

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its core functionality. It processes external data from GitHub issues as direct input for an AI agent with modification capabilities.
    • Ingestion points: The GitHub Actions workflow in .github/workflows/feedback.yml interpolates github.event.issue.title and github.event.issue.body directly into the agent's prompt.
    • Boundary markers: The prompt lacks delimiters or explicit security instructions to isolate the untrusted issue content from the system instructions.
    • Capability inventory: The agent is granted the Bash tool in the workflow configuration, and the workflow environment has contents: write permissions, allowing the agent to execute shell commands and modify the source code.
    • Sanitization: No sanitization or validation is performed on the issue content before it is passed to the agent.
  • [EXTERNAL_DOWNLOADS]: The workflow fetches and executes the anthropics/claude-code-action@v1 GitHub Action. This is an official component provided by a trusted organization.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 09:10 AM