Skills
skills/vinvcn/mattpocock-skills-zh-cn/qa/Gen Agent Trust Hub

qa

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh issue create) to create issues based on user reports. This is the primary intended function of the skill and uses standard system tooling.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from user conversation and the codebase to formulate GitHub issues.
  • Ingestion points: User descriptions and codebase files (specifically mentioning UBIQUITOUS_LANGUAGE.md).
  • Boundary markers: No explicit delimiters are used to wrap external content.
  • Capability inventory: gh issue create (write access to repository) and subagent_type=Explore (read access to codebase).
  • Sanitization: The instructions provide a logical filter by explicitly forbidding the inclusion of file paths, line numbers, or internal implementation details, which reduces the risk of malicious content being propagated into the repository tracking system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:56 AM
Security Audit — agent-trust-hub — qa