github-triage

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-provided content from GitHub issues and pull requests.
      • Ingestion points: Issue bodies, PR bodies, and comment summaries are interpolated directly into subagent prompts in SKILL.md.
      • Boundary markers: The prompts use simple textual labels (e.g., 'Body: {body}') to separate content but lack robust delimiters or specific instructions for the model to ignore instructions embedded within the processed data.
      • Capability inventory: Subagents have significant capabilities including the ability to comment on issues, close issues, and merge pull requests using the gh CLI.
      • Sanitization: The skill does not implement sanitization or filtering of the external data before it is presented to the LLM subagents.
  • [COMMAND_EXECUTION]: The skill relies on executing external CLI tools to manage repository state.
      • Evidence: Extensive use of gh CLI commands such as gh issue list, gh issue comment, gh issue close, and gh pr merge is defined in SKILL.md. The helper script scripts/gh_fetch.py also uses asyncio.create_subprocess_exec to run gh commands.
      • Context: These operations are central to the skill's purpose, and the author has included defensive rules (anti-patterns) such as forbidding git checkout to prevent the execution of untrusted code from PR branches.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 06:03 PM