fix-github-issue

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8) because the skill processes external untrusted data from GitHub issues and uses it to drive code changes and local command execution. Evidence:
    1. Ingestion points: Issue data retrieved via 'gh issue view' in SKILL.md.
    2. Boundary markers: None present.
    3. Capability inventory: File system writes, git operations, and local command execution (pest, phpunit).
    4. Sanitization: No sanitization is performed on issue content before it influences code changes or test execution.
  • COMMAND_EXECUTION (LOW): The skill requires the agent to run local test suites. If an attacker-controlled issue description leads the agent to inject malicious code into the repository, that code will be executed with the user's local privileges during the test phase (Step 5).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:19 PM