setup-matt-pocock-skills
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides templates that instruct the agent on how to use CLI tools such as
gh(GitHub CLI) andglab(GitLab CLI) for issue management. These instructions include commands for creating, viewing, and listing issues. - [EXTERNAL_DOWNLOADS]: The documentation references the official GitLab CLI repository (
https://gitlab.com/gitlab-org/cli) as a resource for users needing the tool. - [PROMPT_INJECTION]: The skill identifies and processes data from untrusted sources within the repository (e.g.,
CLAUDE.md,CONTEXT.md,git remote -voutput) to automatically determine the project configuration. This creates an indirect prompt injection surface where a malicious repository could influence the setup process. However, the skill explicitly incorporates a human-in-the-loop step, requiring user confirmation of all findings and proposed file changes before execution.
Audit Metadata