analyze-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to fetch and process untrusted data from GitHub issues, creating a surface for indirect prompt injection attacks.
- Ingestion points: External GitHub issue content (titles, descriptions, and comments) fetched via the `gh issue` tool, and instructions stored in the local file `.claude/commands/load-issues.md`.
- Boundary markers: Absent. The instructions do not define clear delimiters or instruct the agent to ignore executable instructions or system-like commands contained within the issue data.
- Capability inventory: The skill possesses significant capabilities, including `Bash` (restricted to `gh issue` subcommands), `Write`, and `Read` access. A successful injection could lead to unauthorized file modifications or disclosure of repository structure.
- Sanitization: Absent. The instructions require the agent to 'Understand the requirements thoroughly,' which increases the risk that the agent will follow instructions embedded in the issue content rather than just treating it as data.