github-triage

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates multiple gh and git CLI commands (e.g., gh issue list, git rev-parse, git log) to extract repository information. These are restricted to read-only operations via an explicit 'Zero-Action Policy' and negative constraints in subagent prompts to prevent unauthorized state changes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from GitHub issue and PR titles, bodies, and comments.
    • Ingestion points: Data enters the agent via Phase 1 fetching in SKILL.md and through the scripts/gh_fetch.py utility.
    • Boundary markers: While the skill uses XML-like tags for its own instructions, it does not apply strict delimiters or 'ignore embedded instructions' warnings when interpolating user-controlled content like {body} or {comments_summary} into subagent prompts.
    • Capability inventory: Subagents are granted capabilities to read the local filesystem (Grep, Read), write report files to /tmp/, and run read-only repository commands.
    • Sanitization: There is no evidence of sanitization or escaping of external content before it is integrated into the model's context, allowing potentially malicious instructions in an issue body to influence agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 08:10 AM