kill-the-standup

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes curl and the GitHub CLI (gh) to interact with external APIs. It correctly handles variable data by writing the Slack payload to a temporary file (/tmp/standup-payload.json) and using the @ parameter in curl. This practice mitigates shell injection risks that could arise from processing external content such as commit messages or issue titles.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted data from external APIs (Linear and GitHub).
      • Ingestion points: Linear issue titles and GitHub commit messages are read into the agent's context (SKILL.md, Steps 2 and 3).
      • Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands within the ingested text.
      • Capability inventory: The skill has access to network operations (curl) and local file writes (cat > /tmp/...).
      • Sanitization: While the skill applies structural formatting (first-line extraction, deduplication), it does not sanitize the content of the titles or messages. The risk is categorized as low because the agent is constrained by strict formatting rules in references/standup-format.md.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 05:51 PM
Security Audit — agent-trust-hub — kill-the-standup