github-issue-search

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the prbot CLI tool via the Bash environment to perform searches on GitHub repositories.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from GitHub issues and pull requests.
  • Ingestion points: Data fetched from the GitHub API (including titles, labels, and author info) as defined in SKILL.md.
  • Boundary markers: None. The skill does not implement delimiters or instructions to ignore potential commands within the retrieved data.
  • Capability inventory: The skill has access to the Bash tool to execute commands.
  • Sanitization: There is no evidence of sanitization or escaping of the external content before it is provided to the agent.
  • [DATA_EXFILTRATION]: The skill accesses the sensitive local file .env.local to load credentials such as GH_TOKEN or GH_TOKEN_COMFY_PR. This access is part of the intended authentication flow for the Comfy-Org infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 06:35 PM