council
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
run_agentstool for sub-agent orchestration and suggests using version control commands likegit worktreeandgit branchto ensure isolation when code changes are allowed.- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by processing untrusted data from sources such as pull requests, issue descriptions, and codebase artifacts. - Ingestion points: Untrusted data enters the context when investigating pull requests, issues, or codebase files as described in steps 1 and 3.
- Boundary markers: The instructions do not explicitly require the use of delimiters or specific warnings to ignore embedded instructions within the artifacts being analyzed.
- Capability inventory: The skill uses
run_agentsto launch sub-agents that may have the ability to modify local files or execute shell commands. - Sanitization: There are no explicit steps for sanitizing or escaping the content of the analyzed artifacts before providing them to sub-agents.
Audit Metadata