gco-2nd
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts (e.g.,
gco-rate-limit.js,get-logdir.js, andgco-run.sh) located in the$HOME/.claudedirectory to interface with the Copilot CLI. This is normal behavior for extending local CLI capabilities.- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by incorporating external data (development plans) into prompts. - Ingestion points: User-provided development plans and codebase context used in Step 1.
- Boundary markers: Uses markdown headers (e.g.,
## Context,## Current Plan) to delimit information. - Capability inventory: Authorized to execute shell commands via
bashandnodein the skill's frontmatter. - Sanitization: Input content is interpolated into the prompt template without explicit sanitization or escaping.
Audit Metadata