gh-ticket

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands including 'git log', 'grep', 'find', and the GitHub CLI ('gh'). These tools are used for technical context gathering and issue lifecycle management. Security risks may arise if the agent is directed to run these commands against sensitive system files or if user-provided input is not correctly escaped when building the shell command strings for the 'gh' tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and act upon potentially untrusted data from external bug reports, user requests, or existing issue comments.
    • Ingestion points: External data enters the context via user-provided text and existing issue content retrieved via 'gh issue view' in SKILL.md.
    • Boundary markers: There are no explicit instructions or delimiters provided to help the agent distinguish between legitimate instructions and malicious content embedded within the ingested data.
    • Capability inventory: The agent possesses capabilities to read the local filesystem ('grep', 'find'), access git logs, and perform write operations to an external service ('gh issue create', 'gh issue edit').
    • Sanitization: The skill does not define any validation, escaping, or filtering mechanisms for the external content before it is interpolated into commands or issue bodies.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:48 AM