fix-issue

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its core mechanism of processing external GitHub issue data.
      • Ingestion points: In SKILL.md, the command gh issue view <number> is used to ingest the issue title and body into the agent's context.
      • Boundary markers: The skill lacks delimiters or explicit instructions to treat issue content as data rather than instructions, which could allow a malicious issue to manipulate the agent's behavior.
      • Capability inventory: The agent possesses significant capabilities, including local file system modification, execution of shell commands (testing, linting), and GitHub API interaction (creating PRs).
      • Sanitization: There is no evidence of sanitization or filtering applied to the fetched issue content before it is used to derive acceptance criteria and implementation steps.
  • [COMMAND_EXECUTION]: The skill executes arbitrary shell commands based on the project's local configuration.
      • It directs the agent to execute scripts defined in package.json and to run commands discovered within .github/workflows/ files verbatim.
      • While standard for development automation, this relies on the trustworthiness of the local repository's configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 08:41 AM