bmad-os-gh-triage
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the standard 'gh' CLI via the Bash tool to perform GitHub operations such as listing and closing issues. This is a legitimate use of project-specific tooling for the stated purpose of issue triage.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content (GitHub issue titles and bodies) through sub-agents. While this presents a standard attack surface where malicious issue content could attempt to influence the triage report, the risk is inherent to the task of analysis.
  - Ingestion points: GitHub issue titles, bodies, and labels fetched in 'SKILL.md' using 'gh issue list'.
  - Boundary markers: The prompt template in 'agent-prompt.md' does not use explicit XML tags or delimited blocks to separate the issue content from the analysis instructions.
  - Capability inventory: The agent has access to the 'Bash' tool for command execution and the 'Task' tool for managing sub-agents. It also has permission to write files to the '_bmad-output' directory.
  - Sanitization: There is no evidence of sanitization or filtering of the issue content before it is interpolated into the prompt for sub-agents.
Audit Metadata