github-issues
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.\n
- Ingestion points: The skill retrieves untrusted data from GitHub issue bodies, comments, and project metadata (e.g., in SKILL.md and references/search.md).\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are provided in the templates or instructions for processing external content.\n
- Capability inventory: The skill utilizes the gh CLI for write operations and suggests local script execution capabilities.\n
- Sanitization: There is no evidence of sanitization or validation of content fetched from GitHub before it is processed by the agent.\n- [COMMAND_EXECUTION]: Instructions for shell command execution and local script generation.\n
- The skill provides comprehensive patterns for using the gh CLI and gh api to manage GitHub resources.\n
- The references/images.md file contains instructions and a code template for the agent to generate and execute a Node.js script using puppeteer-core for taking screenshots of mockups.
Audit Metadata