contribute
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill features a 'Self-Evolving Skill' directive that instructs the AI agent to autonomously edit its own instruction file (
SKILL.md) to fix errors or update parameters. This self-modification capability encourages the agent to rewrite its behavioral logic at runtime, which could be exploited to introduce persistent malicious instructions or bypass safety constraints.\n- [PROMPT_INJECTION]: The workflow is vulnerable to indirect prompt injection due to its processing of untrusted external data.\n - Ingestion points: The agent reads and processes data from external sources using
gh pr viewandgit logcommands.\n - Boundary markers: The skill does not define boundary markers or provide instructions for the agent to disregard commands potentially embedded within external data.\n
- Capability inventory: The agent has permissions to edit local files (
Edit,Write) and execute a range of shell commands (Bash), which could be leveraged if malicious instructions are ingested into the context.\n - Sanitization: The skill lacks any mechanism for sanitizing or validating the content of git logs or pull request data before it is processed by the agent.
Audit Metadata