Skills
skills/sd0xdev/sd0x-dev-flow/create-request/Gen Agent Trust Hub

create-request

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extracts file paths and dates from the ## Related Files table and header metadata in markdown documents, and then uses them as arguments in shell commands like git log and grep. If a document contains paths or dates with shell metacharacters, it could lead to the execution of arbitrary commands when the skill processes the file.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection in its verification logic. It reads content from the ## Acceptance Criteria and ## Related Files sections of markdown files and interpolates it directly into a prompt for a sub-agent without sanitization or boundary markers.\n
  • Ingestion points: Acceptance Criteria and Related Files sections in docs/features/*/requests/*.md.\n
  • Boundary markers: Absent from the verification agent prompt template in SKILL.md.\n
  • Capability inventory: Read, Write, Bash, Agent (sub-agent execution), and Grep.\n
  • Sanitization: Absent; the skill does not escape or validate extracted text before interpolation into commands and prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 07:24 PM