fix-issue
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issues via the $ARGUMENTS variable, which includes the issue title and body. This data is directly interpolated into the prompt without boundary markers, creating an attack surface where malicious instructions in an issue could override the agent's programmed behavior.
- Ingestion points: The $ARGUMENTS placeholder in SKILL.md, which receives the issue details.
- Boundary markers: There are no delimiters or isolation mechanisms used to separate external issue content from the system instructions.
- Capability inventory: The agent is granted permission to read and modify the codebase and create pull requests, which could be abused if an injection is successful.
- Sanitization: No input validation or filtering is performed on the issue content before it is processed by the agent.
Audit Metadata