github-triage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill is designed to execute the `gh` (GitHub CLI) tool and a local shell script (gh_triage.sh) at a hardcoded absolute path (/Users/bvt/.codex/skills/github-triage/scripts/gh_triage.sh). While this is the intended purpose of the skill, the contents of the shell script were not provided for verification.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external sources (GitHub) and processes it, which could lead to indirect prompt injection if an issue or PR contains malicious instructions.
  - Ingestion points: GitHub issue and PR titles, bodies, and comments retrieved via `gh search` and `gh issue view`.
  - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions embedded in the GitHub data.
  - Capability inventory: The agent can execute shell commands and the `gh` CLI.
  - Sanitization: Absent. There is no evidence of filtering or sanitizing the content retrieved from GitHub before it is processed by the agent.
Audit Metadata