skills/ainergiz/xfeed/new-issue/Gen Agent Trust Hub

new-issue

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection because it processes content from GitHub issues and web searches. Evidence:
      1. Ingestion points: GitHub issue list/view commands and WebSearch results.
      2. Boundary markers: No explicit delimiters used for external content analysis.
      3. Capability inventory: Issue creation, editing, and release asset manipulation via gh.
      4. Sanitization: Employs cat <<'EOF' to safely handle issue bodies in shell commands.
  • [COMMAND_EXECUTION] (SAFE): Use of GitHub CLI via Bash is restricted to intended management tasks. The skill uses quoted heredocs to ensure that external content is treated as literal text and not executed as code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 06:09 AM