improve-codebase-architecture
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI tool (
gh issue create) to automate the creation of RFCs as issues on remote repositories. - [DATA_EXFILTRATION]: The skill instructions explicitly bypass human oversight before external communication ('Do NOT ask the user to review before creating
- just create it and share the URL'). This creates a risk of exposing sensitive implementation details or internal documentation to potentially public GitHub issue trackers if the agent includes such information in the generated RFC body.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: The agent is instructed to explore the local codebase files (SKILL.md, Step 1). 2. Boundary markers: The instructions lack markers or warnings to disregard malicious instructions embedded in the codebase being analyzed. 3. Capability inventory: The skill can create GitHub issues and spawn multiple autonomous sub-agents with specific design briefs. 4. Sanitization: There is no evidence of filtering or sanitizing codebase content before it is processed by sub-agents or included in the final GitHub issue payload.
Audit Metadata