batch
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent and its subagents to execute several shell commands, including
git worktreefor isolation,gh pr createfor pull request management, and dynamically discovered test commands such asnpm test,bun test,pytest, orgo test(SKILL.md, Phase 2 and Phase 3). - [EXTERNAL_DOWNLOADS]: The README.md provides installation instructions using
npx skills add vltansky/skills/skills/batch, which fetches the skill's code from a remote source controlled by the vendor. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it derives execution logic from untrusted data within the codebase being modified.
- Ingestion points: The agent researches the codebase to find file patterns, conventions, and test recipes in files like
package.jsonorMakefile(SKILL.md, Phase 1). - Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the discovered project files.
- Capability inventory: The skill can spawn background subagents, execute arbitrary shell commands for testing, and perform network operations via the
ghCLI (SKILL.md, Phase 2). - Sanitization: Absent; the skill lacks mechanisms to validate or sanitize the commands it extracts from the project files before executing them.
Audit Metadata