gh-issues

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources.
      • Ingestion points: The orchestrator fetches data from GitHub issue titles, bodies, and pull request comments from potentially public repositories (SKILL.md, Phase 2 and Phase 6).
      • Boundary markers: The task prompt uses XML-style tags like <issue> and <review_comments> to separate data, but instructions for the sub-agent are concatenated with this data, allowing for instruction confusion.
      • Capability inventory: Sub-agents have extensive capabilities, including file system access via git, network access via curl, and the ability to execute arbitrary commands when running test suites.
      • Sanitization: The skill lacks sanitization or validation for the external content before it is interpolated into the sub-agent task prompts.
  • [CREDENTIALS_UNSAFE]: Potential credential exposure occurs when managing authentication for Git operations.
      • Evidence: The skill uses commands such as git remote add fork https://x-access-token:$GH_TOKEN@github.com/{PUSH_REPO}.git (SKILL.md, Phase 4).
      • Description: Embedding the GH_TOKEN environment variable directly into the Git remote URL causes the secret to be stored in plain text within the .git/config file in the working directory.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of untrusted code from target repositories.
      • Evidence: Sub-agents are instructed to "Discover and run the existing test suite" using local tools like npm, pytest, or make (SKILL.md, Sub-agent Task Prompt).
      • Description: Although necessary for the primary purpose of fixing code, this behavior involves executing arbitrary code found within the repository being modified, which could be malicious.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with well-known external services.
      • Description: It fetches repository issues and metadata from the official GitHub REST API and utilizes git to clone and push source code. These interactions are performed on trusted infrastructure (github.com) as part of the skill's intended operation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 02:37 AM