vs-rfc-research

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core functionality involves fetching and processing untrusted data from GitHub repositories to generate technical proposals.
  • Ingestion points: The skill utilizes the octocode MCP server to retrieve source code, pull request data, and repository structures from arbitrary GitHub repositories (SKILL.md, Phase 3).
  • Boundary markers: The instructions lack explicit delimiters or instructions for the agent or its subagents to treat fetched content as data only and ignore any embedded instructions.
  • Capability inventory: The skill can write the resulting RFC documents to the local file system in the docs/rfcs/ directory and can spawn subagents to 'roast' or refine the synthesized content.
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub before it is passed to the LLM for synthesis or review.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 03:12 PM
Security Audit — agent-trust-hub — vs-rfc-research