github-issues
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from GitHub issues and comments.
  - Ingestion points: Issue details, comments, and project item field values are read using tools like mcp__github__issue_read and mcp__github__projects_list.
  - Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the data being processed.
  - Capability inventory: The skill can create or modify issues, comments, and project states via the gh CLI and mcp__github__projects_write tool.
  - Sanitization: There is no evidence of filtering or validation of the content retrieved from external GitHub sources before it is used to generate reports or summaries.