github-issue-query
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script query-issues.sh executes the GitHub CLI (gh) and jq. User-provided inputs for repository, state, limit, and the jq filter are passed as arguments to these binaries. The variables are quoted, which prevents shell injection, but the skill relies on the underlying tools to handle potentially malicious argument values (for example, a user-supplied jq filter is evaluated by jq as-is).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from GitHub issues, which any GitHub user can author.
- Ingestion points: Issue data, including titles, bodies, and comments, is fetched from GitHub via the gh issue list command in query-issues.sh.
- Boundary markers: The retrieved data is returned as raw JSON without delimiters or instructions telling the agent to treat the content as untrusted.
- Capability inventory: The script itself provides read and filter capabilities, but the agent consuming this data may have broader execution capabilities.
- Sanitization: There is no sanitization or filtering of the text content retrieved from GitHub before it is passed to the agent.
- [EXTERNAL_DOWNLOADS]: The skill communicates with GitHub's official services to retrieve issue data. GitHub is recognized as a well-known service, and this network activity is essential for the skill's primary function.
Audit Metadata