skills/tanabee/skills/research/Gen Agent Trust Hub

research

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its reliance on external, potentially attacker-controlled content from GitHub issues and local code files.
      • Ingestion points: Untrusted data enters the agent context through the gh issue view command and file-reading tools like Read, Grep, and Glob during analysis (SKILL.md, steps 2, 3, and 5).
      • Boundary markers: The instructions lack explicit delimiters or safety prompts to ensure the agent ignores instructions potentially embedded within the issue body or code comments.
      • Capability inventory: The agent has access to powerful tools including Bash, Write, and Task, which represent a significant capability tier that could be targeted by injected instructions.
      • Sanitization: There is no evidence of content sanitization, filtering, or validation performed on the external data before it is incorporated into the prompt context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:27 PM