github-pr-issue
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external sources (GitHub Issues and PRs), creating a surface for indirect prompt injection.
  - Ingestion points: Reads titles, descriptions, comments, and diffs from GitHub as specified in the description and update section.
  - Boundary markers: Lacks delimiters or explicit instructions to isolate untrusted content from system instructions.
  - Capability inventory: Executes GitHub CLI and Git commands to create or modify PRs and Issues.
  - Sanitization: No filtering or validation of external content is performed.
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands, specifically `git status`, `git push`, and GitHub CLI commands (`gh`), to manage repository resources and automate workflows.