skill-scope-drift

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands including git and gh to retrieve repository metadata, diff statistics, and commit history.
  • [EXTERNAL_DOWNLOADS]: Interacts with GitHub's official services via the gh tool to fetch pull request body content for analysis.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the repository:
      * Ingestion points: Reads content from TODOS.md, TODO.md, .octo/STATE.md, git commit messages, and remote pull request descriptions.
      * Boundary markers: Lacks explicit delimiters or ignore-instructions to prevent embedded commands in the ingested data from influencing the agent's behavior.
      * Capability inventory: Restricted to reading file system metadata, git logs, and generating informational markdown reports; no write or arbitrary execution capabilities are present.
      * Sanitization: External data is interpolated directly into the analysis context without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 05:41 PM