gh-issue-fix-flow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection via malicious GitHub issue content. * Ingestion points: The gh issue view command in Step 1 reads external, untrusted issue descriptions and comments. * Boundary markers: Absent; the workflow lacks delimiters or specific instructions to ignore embedded instructions inside the issue text. * Capability inventory: The agent has the ability to modify local files, execute builds via XcodeBuildMCP, and perform git push operations. * Sanitization: None; external content directly influences the agent's reproduction steps and implementation logic without filtering.
- COMMAND_EXECUTION (SAFE): Uses common command-line utilities (gh, git, rg, sed) to facilitate the intended software development workflow. These operations are restricted to the local environment and the target repository.
Audit Metadata