unblocked-context-search-issues
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to construct and execute a CLI command using the unblocked tool. This command incorporates user-provided inputs for the query and instruction parameters. Without explicit instructions for the agent to escape these inputs, there is a risk of command injection if the user provides malicious shell metacharacters. Evidence: unblocked context-search-issues --query in SKILL.md.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external issue trackers, which are attacker-controllable sources.
  - Ingestion points: Data from Jira, GitHub Issues, Linear, and Asana via the context_search_issues tool.
  - Boundary markers: Absent; there are no instructions to the agent to ignore or delimit instructions found within retrieved issue data.
  - Capability inventory: Shell command execution via the unblocked CLI and project file access via tools like Grep, Glob, and Read.
  - Sanitization: Absent; retrieved issue descriptions and comments are processed as natural language without sanitization or escaping.