contributor

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted data from GitHub issue comments and repository files to determine its contribution strategy.
  • Ingestion points: The skill retrieves issue body and comments using gh issue view and reads project files like CONTRIBUTING.md in SKILL.md.
  • Boundary markers: The instructions lack delimiters or warnings to ignore embedded instructions within the ingested text.
  • Capability inventory: The skill has broad capabilities including shell command execution for tests (pytest, npm, cargo, go) and file system/network operations via git and gh.
  • Sanitization: No validation or sanitization is performed on the data fetched from GitHub before the agent interprets it for architectural guidance.
  • [COMMAND_EXECUTION]: The skill executes various project-specific test and build commands (e.g., pytest, npm, cargo, go, and pre-commit). These commands involve executing code found within the repository, which presents a risk of local code execution if the repository provided by the user is malicious.
  • [EXTERNAL_DOWNLOADS]: The skill downloads external code by forking and cloning repositories from GitHub using the gh CLI. While GitHub is a well-known service, the automated execution of the downloaded content (via tests and pre-commit hooks) remains a risk factor.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — contributor