work-on-issues

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from issue trackers.
      • Ingestion points: External issue titles, descriptions, and comments are fetched from GitHub or GitLab trackers (SKILL.md, Section 2).
      • Boundary markers: Absent. The external content is interpolated directly into the sub-agent prompt spec without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The sub-agent ('full-stack-engineer') has high-privilege capabilities, including file system writes, test execution, and git command execution (SKILL.md, Section 4).
      • Sanitization: No validation or sanitization of the issue content is performed before processing.
  • [REMOTE_CODE_EXECUTION]: The skill invokes npx fallow audit and advises manual installation if missing. This executes unversioned code from the npm registry (SKILL.md, Section 4).
  • [DATA_EXFILTRATION]: The skill manages environment files (.env, .env.*) by copying them between the main working directory and git worktrees. While intended for environment propagation, this practice increases the exposure of potentially sensitive local credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 27, 2026, 06:34 PM