skills/ninehills/skills/check/Gen Agent Trust Hub

check

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands and CLI tools such as git, gh (GitHub CLI), npm, cargo, vercel, and pytest. These are used to triage issues, review code diffs, and run project-specific verification tests via the scripts/run-tests.sh script.
  • [DATA_EXFILTRATION]: The agent is instructed to read environment variables (using vercel env ls) and repository configuration files (including manifests, lockfiles, and build configs) to verify deployment readiness. This involves the handling of potentially sensitive project metadata.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and uses it to determine its workflow.
    • Ingestion points: The skill reads repository documentation (README, AGENTS.md, CLAUDE.md), GitHub issue descriptions, and Pull Request comments to extract project constraints and triage items (SKILL.md).
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore instructions embedded within the untrusted external data.
    • Capability inventory: The skill possesses significant capabilities, including the ability to perform git commit, git push, gh issue close, and arbitrary GitHub API calls via gh api (SKILL.md).
    • Sanitization: No input validation or sanitization mechanisms are described for the data ingested from issues, PRs, or repository files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 05:57 PM