skills/paulund/ai/ops-backlog-health/Gen Agent Trust Hub

ops-backlog-health

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses untrusted data from GitHub issue bodies to identify blocker references.
      • Ingestion points: Issue bodies are parsed in SKILL.md (Pass 1) to extract blocker IDs (#N).
      • Boundary markers: No boundary markers are present, and the skill gives no instruction to ignore instructions embedded in the parsed data.
      • Capability inventory: The skill uses the GitHub CLI to view, comment on, and edit issues, as well as list pull requests.
      • Sanitization: No sanitization or validation steps are defined for the extracted issue IDs before they are used in shell commands.
  • [COMMAND_EXECUTION]: The skill uses variables parsed from untrusted issue content in shell commands. Instructions in Pass 1 and Pass 2 direct the agent to execute gh commands (e.g., gh issue view ) where is a string extracted from external issue descriptions. This pattern lacks necessary escaping to prevent command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:44 PM
Security Audit — agent-trust-hub — ops-backlog-health