triage

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The reproduction section in SKILL.md instructs the agent to 'run tests or commands' based on steps provided by the issue reporter. This allows for the execution of arbitrary shell commands from untrusted sources.
  • [REMOTE_CODE_EXECUTION]: The skill is vulnerable to remote code execution because it directs the agent to execute code logic found in external GitHub issues without verification or sandboxing.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection.
      ◦ Ingestion points: SKILL.md. The agent processes the full content of external issues, including user-submitted comments and descriptions.
      ◦ Boundary markers: Absent. No delimiters or instructions are used to separate untrusted data from the agent's core instructions.
      ◦ Capability inventory: SKILL.md and OUT-OF-SCOPE.md. The agent can run shell commands, execute tests, write to the filesystem (.out-of-scope/), and post public issue comments.
      ◦ Sanitization: Absent. External content from the issue tracker is used for command execution and documentation updates without any sanitization or validation logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 06:18 AM