github-issues
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The skill presents a high risk for indirect prompt injection. Ingestion points: Data is fetched from GitHub via mcp__github__get_issue, mcp__github__search_issues, and mcp__github__list_issues (SKILL.md). Boundary markers: The skill lacks delimiters or instructions to treat external data as untrusted, meaning the agent may follow commands embedded in issue bodies. Capability inventory: The skill includes write capabilities like mcp__github__create_issue and mcp__github__update_issue, allowing an injection to result in unauthorized repository changes. Sanitization: No sanitization or filtering is applied to data retrieved from the GitHub API.
Recommendations
- AI detected serious security threats
Audit Metadata