ai-request-skill

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads additional modules and templates from the 'anthropics/skills' repository and the author's 'lebsral/DSPy-Programming-not-prompting-LMs-skills' repository using npx and git clone. These sources are recognized as trusted or vendor-owned.
  • [COMMAND_EXECUTION]: The skill automates repository management by executing shell commands such as git, gh (GitHub CLI), cp, and npx. These commands are used to create branches, commit files, and interact with GitHub APIs to open pull requests and issues.
  • [PROMPT_INJECTION]: The skill ingests user input via the $ARGUMENTS parameter and interpolates it into shell command templates for GitHub issues and PR bodies. This creates a surface for indirect prompt injection, where malicious input could attempt to influence the agent's behavior or the content of the generated submissions. Evidence: user-provided capability descriptions are used within the gh pr create and gh issue create blocks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 06:45 PM