skills/whilp/world/dev/Gen Agent Trust Hub

dev

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and the gh (GitHub CLI) to perform repository operations, including branch creation, fetching remote updates, and retrieving pull request data. These are standard development operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It fetches review comments from an external source (GitHub) and directs the agent to "Address each comment" by making code changes, which could allow a malicious reviewer to influence the agent's actions.
  • Ingestion points: Data is ingested from GitHub pull request comments via gh api calls in SKILL.md.
  • Boundary markers: The workflow does not include specific delimiters or instructions to treat the comment text as data rather than instructions.
  • Capability inventory: The skill has the capability to modify the local filesystem (via git commit, git mv) and interact with the GitHub API (via gh api --method POST).
  • Sanitization: There is no evidence of sanitization or filtering of the comment content before the agent is tasked with addressing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 02:22 AM