relay-plan

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for Indirect Prompt Injection. It retrieves task descriptions from GitHub issues (gh issue view) and user-provided text, which are then used to synthesize rubrics and dispatch prompts for downstream execution.
      • Ingestion points: SKILL.md Step 1 (GitHub issues, user descriptions, handoff briefs).
      • Boundary markers: The instructions do not define strict boundary markers to isolate untrusted input within the generated prompts.
      • Capability inventory: The skill generates instructions for an agent equipped with shell access and file manipulation capabilities (e.g., relay-dispatch).
      • Sanitization: Input data is normalized for task metadata extraction but not specifically sanitized or escaped to prevent the inclusion of malicious prompt instructions.
  • [COMMAND_EXECUTION]: The skill relies on the execution of multiple internal JavaScript scripts and the GitHub CLI.
      • Evidence: SKILL.md and several consumer scripts (e.g., probe-executor-env-consumer.js, reliability-report-consumer.js) use node and execFileSync to run local utilities. The skill also invokes the gh command to view issues.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 24, 2026, 03:01 AM