start-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection via untrusted GitHub issue content.
- Ingestion points: The skill ingests data including issue titles, numbers, and types from GitHub to determine implementation steps (SKILL.md).
- Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings when processing issue data.
- Capability inventory: The skill possesses significant capabilities including code implementation, writing issue summaries, committing changes to the repository, and closing issues.
- Sanitization: There is no evidence of sanitization or validation of the ingested issue content before the agent performs implementation and commitment tasks.
Audit Metadata