triage
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
allowed-toolsconfiguration to restrict shell access exclusively to thegh(GitHub CLI) utility and read-only file system tools (Read,Glob,Grep). This prevents the agent from executing arbitrary or dangerous system commands outside its intended scope. - [DYNAMIC_CONTEXT_INJECTION]: Repository metadata, issue counts, and label lists are retrieved at load time using the
!commandsyntax. These operations are limited to informational gathering and do not interpolate user-supplied arguments into the shell execution, mitigating command injection risks. - [DATA_EXFILTRATION]: The skill processes data from GitHub issues but does not possess tools or instructions for transmitting information to external domains. The implementation of
context: forkensures that intermediate data processed during the triage session is isolated and discarded after the subagent finishes. - [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface by reading issue bodies which could contain adversarial instructions. This is effectively mitigated by the combination of an isolated execution context and the use of specialized
PostToolUseprompt hooks that validate tool outputs against a strict labeling schema before they are executed.
Audit Metadata