gh-sub-issue
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing a GitHub CLI extension from an unverified third-party repository ('yahsan2/gh-sub-issue'). This repository is not maintained by a well-known organization or by the skill author, posing a potential supply chain risk if the extension code is malicious.
- [COMMAND_EXECUTION]: The skill relies on the 'gh' CLI and custom extensions to perform operations. This capability allows the execution of logic provided by external sources, which can interact with the user's repositories and potentially perform unintended actions.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted content from GitHub repositories.
  - Ingestion points: Data from issue titles and metadata enters the agent's context through the output of 'gh sub-issue list' (SKILL.md, EXAMPLES.md).
  - Boundary markers: No delimiters or isolation instructions are used to separate external issue content from the agent's system instructions.
  - Capability inventory: The skill allows the agent to execute CLI commands and manage issue relationships across repositories.
  - Sanitization: No sanitization, validation, or escaping of the fetched GitHub data is performed before it is processed by the agent.
Audit Metadata