recipe-github-triage
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'npx tsx' to execute local TypeScript scripts ('resources/pd-github.ts') which interact with GitHub. This is the primary method of operation.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and summarizes content from GitHub issues and pull requests, which are external and potentially attacker-controlled sources. 1. Ingestion points: Issue titles, descriptions, and pull request metadata fetched via 'pd-github.ts'. 2. Boundary markers: None present in the instructions to separate data from instructions. 3. Capability inventory: Command execution via 'npx' and network access. 4. Sanitization: No evidence of data sanitization or escaping of the fetched GitHub content before processing.
- [EXTERNAL_DOWNLOADS]: Running 'npx' may result in the dynamic download of the 'tsx' package or other dependencies from the official npm registry if they are not already present in the environment.
Audit Metadata