fix-bug
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through external data ingestion.
- Ingestion points: The skill uses the `gh issue view` command in Step 1 to fetch untrusted content such as issue titles, bodies, and user comments.
- Boundary markers: The instructions do not define delimiters or provide specific prompts to the agent to disregard instructions potentially embedded within the fetched GitHub data.
- Capability inventory: The agent possesses significant capabilities including shell command execution (`pnpm test`), file system modification (`git commit`), and external repository interaction (`gh pr create`).
- Sanitization: There is no defined procedure to sanitize, escape, or validate the fetched content before it is analyzed and used to generate code changes or execute tests.
Audit Metadata