do-issue
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk from external issue content. * Ingestion points: modules/issue-discovery.md fetches issue titles, bodies, and comments via gh or glab CLIs. * Boundary markers: Absent; the skill does not use delimiters or instructions to isolate external content from agent instructions. * Capability inventory: modules/parallel-execution.md and modules/completion.md involve subagent dispatch, file system modifications, and execution of git-platform CLI commands. * Sanitization: Absent; the skill does not verify or sanitize issue content before passing it to subagent prompts.
- [COMMAND_EXECUTION]: Risk of command injection during platform CLI calls. * Evidence: modules/issue-discovery.md describes using user-provided inputs directly in commands such as 'gh issue view '. If input validation is not strictly enforced by the agent, this could allow for the execution of arbitrary shell commands.
Audit Metadata