4-step-program
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from GitHub issues.
  - Ingestion points: The workflow uses 'gh issue view' to read the full body of each issue, and that text is used to generate delegation instructions for other agents.
  - Boundary markers: The delegation logic provides no delimiters around the issue body and no instruction to ignore commands embedded in it.
  - Capability inventory: The skill can delegate tasks using 'assign_task' and can write permanent reviews to GitHub using 'mcp__github__create_pull_request_review'.
  - Sanitization: No requirement or logic is specified for sanitizing issue text before it is passed into the agent's context.
Audit Metadata