suggesting-next-steps

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various read-only CLI commands using git and gh to gather context about the repository's state, including commit history, local stashes, and GitHub issue/PR details.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted data from project documentation and issue trackers to generate task priorities.
    • Ingestion points: Processes content from files such as STATUS.md, ROADMAP.md, TODO.md, README.md, package.json, and requirement documents in docs/, as well as GitHub issue and pull request descriptions.
    • Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions within the parsed project files or GitHub content.
    • Capability inventory: The skill restricts the agent to read-only capabilities via the git and gh tools and file system access.
    • Sanitization: No sanitization or validation of the extracted external text is performed before it is used by the agent to determine the next steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 09:45 AM