polishing-issues

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill fetches external, untrusted content from GitHub issues and uses that content to guide its reasoning, codebase search, and subsequent issue modifications.
      • Ingestion points: The gh issue view command in the 'Workflow' section imports the title, body, and comments of a GitHub issue into the agent's context.
      • Boundary markers: There are no explicit instructions to the agent to treat the fetched issue content as untrusted or to ignore instructions embedded within the issue body/comments.
      • Capability inventory: The skill utilizes rg (ripgrep) for codebase exploration and gh issue edit for writing data back to the external repository.
      • Sanitization: No sanitization or validation of the fetched issue content is performed before it is interpolated into the workflow logic or the final output block.
  • Command Execution (LOW): The skill uses shell commands (gh, rg) that interpolate variables such as <number> and <owner/repo>. These values are usually handled by the agent's tool-calling layer, but improperly sanitized inputs for these variables could lead to local command injection or argument injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:54 AM