github-issue-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious behavior, obfuscation, or persistence mechanisms were detected.
  • [PROMPT_INJECTION]: The skill contains a security protocol file that lists examples of common prompt injection techniques (e.g., "ignore all previous instructions"). These are explicitly marked as patterns for the agent to recognize and ignore when encountered in untrusted data, constituting a robust defensive measure.
  • [COMMAND_EXECUTION]: Shell commands are used appropriately for Git and GitHub CLI operations. The workflow implements an 'Isolation Pipeline' for data ingestion: untrusted issue text enters the context at 'Phase 1' (SKILL.md), but implementation capabilities ('Bash', 'Edit') in 'Phase 4' are gated by mandatory user confirmation and requirement sanitization, preventing the execution of malicious instructions embedded in issue bodies.
  • [DATA_EXFILTRATION]: No patterns of sensitive data exposure or unauthorized network transmission were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 07:09 AM