kumo-issue
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI ('gh') to check authentication status, retrieve the reporter's login name, and create issues via the 'gh issue create' command. These operations are directed at the vendor's official repository ('kumo-ai/kumo-coding-agent').
- [COMMAND_EXECUTION]: Employs the 'grep' tool to search for user-provided keywords within the 'context/' and 'skills/' directories to identify affected files.
- [DATA_EXFILTRATION]: Transmits issue descriptions, expected behavior, and relevant file paths to the 'kumo-ai/kumo-coding-agent' repository on GitHub. This activity is the primary intended function of the skill and targets vendor-controlled infrastructure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it accepts untrusted input through the '$ARGUMENTS' variable and interpolates it directly into shell commands ('grep') and the body of the GitHub issue.
  - Ingestion points: User-provided input via the '$ARGUMENTS' variable in 'SKILL.md'.
  - Boundary markers: Not utilized to separate user input from the skill's internal instructions.
  - Capability inventory: Includes shell command execution ('gh', 'grep') and network communication with the GitHub API.
  - Sanitization: No explicit validation or escaping of user input is defined within the skill's instructions.
Audit Metadata