evasion-research

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the gh (GitHub CLI) tool to search repositories, list file contents, and retrieve data via the GitHub API. This includes pipelines to decode repository content for analysis.
  • [EXTERNAL_DOWNLOADS]: The workflow involves fetching metadata and source code files from GitHub. Since GitHub is a well-known service, these operations are documented as standard data retrieval for research purposes and do not involve untrusted third-party sites.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and extracts patterns from untrusted external code and documentation.
  • Ingestion points: External source code and repository documentation fetched via gh search and gh api commands, as described in SKILL.md and references/research-workflow.md.
  • Boundary markers: There are no instructions to use delimiters or ignore potential commands embedded in the retrieved code, increasing the risk that the agent may follow instructions found within a researched repository.
  • Capability inventory: The skill utilizes the gh tool for repository interaction and has the capability to write extracted data to local JSON files (evasion-techniques-db.json, loader-components-db.json).
  • Sanitization: The methodology does not include steps to sanitize or validate the content retrieved from GitHub before the agent processes it for pattern extraction.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 10:07 AM