Skills
skills/mitodl/agent-kit/generate-standup/Gen Agent Trust Hub

generate-standup

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Executes a bundled bash script scripts/get-standup-context.sh and uses the gh (GitHub CLI) to perform API queries and mutations.
  • [DATA_EXFILTRATION]: Collects PR, issue, and discussion metadata from specified GitHub organizations and posts it to a discussion in the mitodl/hq repository. This behavior is consistent with the skill's documented purpose of automating standup reports for the author's organization.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from GitHub PR and issue titles which could contain malicious strings designed to influence agent behavior.
  • Ingestion points: Fetches data via gh search in scripts/get-standup-context.sh.
  • Boundary markers: Absent; data is processed and rendered into a Markdown template without specific markers to isolate untrusted content.
  • Capability inventory: Includes shell command execution and write access to GitHub repository discussions via the GraphQL API.
  • Sanitization: Uses jq to safely escape variables interpolated into shell commands, preventing command injection, but does not perform semantic sanitization of the fetched text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 08:35 PM