Skills
skills/google-labs-code/jules-skills/automate-github-issues/Gen Agent Trust Hub

automate-github-issues

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The scripts/setup.sh file and SKILL.md instructions include curl -fsSL https://bun.sh/install | bash. Pipping remote scripts directly to a shell allows for arbitrary code execution from a remote source without verification.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs several Node.js packages at runtime via bun install and downloads the Bun runtime from an external URL that is not on the trusted sources list.
  • [COMMAND_EXECUTION] (MEDIUM): The skill makes extensive use of child_process.exec in scripts/github/git.ts to run git commands. While the current inputs are internal, this represents a significant capability that could be targeted by advanced prompt injections.
  • [PROMPT_INJECTION] (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: Untrusted data from GitHub issues via scripts/github/issues.ts. 2. Boundary markers: The prompt construction in scripts/prompts/bootstrap.ts does not use delimiters to isolate untrusted content. 3. Capability inventory: The skill can create new AI sessions and merge code via scripts/fleet-dispatch.ts and scripts/fleet-merge.ts. 4. Sanitization: No sanitization of issue content is performed.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:08 PM