kickoff
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the GitHub CLI tool (gh) to execute commands for fetching issue metadata and details based on user input.
- [EXTERNAL_DOWNLOADS]: Fetches external content from GitHub repositories and general web sources to gather requirements and technical documentation.
- [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted data sources.
- Ingestion points: Content is ingested from GitHub issue titles, bodies, and comments via the gh CLI tool.
- Boundary markers: No explicit delimiters or system instructions are provided to mitigate commands embedded within the fetched issue content.
- Capability inventory: The skill possesses extensive capabilities including codebase reading (Read, Glob, Grep), network access (WebSearch, WebFetch), and the ability to spawn subagents for parallel exploration.
- Sanitization: No sanitization or validation logic is applied to the external issue content before it is used to guide the implementation strategy and agent reasoning.
Audit Metadata