implement-issue
Fail
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly advises using `GIT_SSL_NO_VERIFY=1` when performing GitHub operations in sandbox environments. Disabling SSL/TLS certificate verification removes protection against Man-in-the-Middle (MitM) attacks, potentially allowing an attacker to intercept sensitive data or modify network responses.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from external sources.
- Ingestion points: The skill reads external content from GitHub issues using the `gh issue view` command.
- Boundary markers: There are no explicit delimiters used to encapsulate the untrusted issue content, nor are there instructions to ignore embedded commands.
- Capability inventory: The agent possesses the capability to modify the local codebase, execute shell commands during the testing phase, and commit changes to the repository.
- Sanitization: The skill does not validate or sanitize the retrieved issue content before it is used to generate implementation plans or perform code changes, allowing maliciously crafted issues to potentially control the agent's actions.
Recommendations
- AI detected serious security threats