setup-matt-pocock-skills

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes git remote -v to determine project context and provides templates for using official command-line tools like gh (GitHub) and glab (GitLab) for issue management. These are standard and safe practices for repository setup.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes existing repository data to determine its configuration state.
      • Ingestion points: The skill reads several project files including AGENTS.md, CLAUDE.md, CONTEXT.md, CONTEXT-MAP.md, and architectural decision records in docs/adr/ (SKILL.md).
      • Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands in the ingested files.
      • Capability inventory: The agent is granted the ability to write to and update documentation files (CLAUDE.md, AGENTS.md, and docs/agents/*.md).
      • Sanitization: There is no explicit sanitization or validation logic for the content read from the repository.
      • Note: While this presents a theoretical injection surface, it is a necessary component of the skill's primary purpose. The risk is significantly mitigated by the skill's design, which requires the agent to present findings and drafts to the user for confirmation before any file modifications are performed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 06:18 AM