Skills
skills/c0ntr0lledcha0s/logseq-template-graph/github-issues/Gen Agent Trust Hub

github-issues

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It instructs the agent to read and analyze untrusted data from GitHub issue titles, descriptions, and comments.
  • Ingestion points: External data enters the agent's context through gh issue view [number] --comments and gh issue list (documented in SKILL.md).
  • Boundary markers: There are no instructions to wrap external content in delimiters or specific warnings to ignore instructions found within the processed data.
  • Capability inventory: The agent possesses extensive write capabilities, including modifying issue labels (gh issue edit), posting comments (gh issue comment), creating pull requests (gh pr create), and performing git operations (git checkout, git push).
  • Sanitization: The skill lacks mechanisms to sanitize or validate the external content before it is used to influence the agent's logic or command arguments.
  • [COMMAND_EXECUTION]: The skill uses shell commands including gh, git, and grep to interact with the repository and GitHub API. While these are standard tools for the described use case, they are triggered by and potentially parameterized by external data from issue reports.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 10:55 AM