issue-triage
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution]: The skill executes PowerShell scripts and uses the GitHub CLI (`gh`) to perform repository operations. These commands are used to query issue data and apply triage decisions (milestones and labels) to the dotnet/maui repository. Evidence includes calls to `gh issue edit` and `gh api` within the provided scripts.
- [External API Interaction]: The scripts interact with the official GitHub API (`api.github.com`) and GraphQL endpoints to retrieve milestone, label, and issue information. This communication is essential for the skill's functionality and targets well-known service infrastructure.
- [Indirect Prompt Injection Surface]: The skill ingests untrusted data from GitHub (issue titles and comments) and presents them to the agent.
  - Ingestion points: `scripts/query-issues.ps1` retrieves title and comment data.
  - Boundary markers: The triage presentation template in `SKILL.md` does not use explicit delimiters to isolate external content.
  - Capability inventory: The skill has the capability to modify repository state via `gh issue edit` and `gh pr edit` commands.
  - Sanitization: The scripts perform basic whitespace cleaning for display purposes but do not implement strict content sanitization. This is a standard consideration for tools processing external feedback.
Audit Metadata