github-issues
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and act upon untrusted data from GitHub issues and comments, creating a vulnerability where malicious instructions in an issue could influence the agent's behavior.
- Ingestion points: The `read` command in `SKILL.md` fetches issue details and comments from an external source (GitHub).
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat issue content as data rather than instructions.
- Capability inventory: The skill possesses significant capabilities, including code modification, branch creation, pushing to repositories, and posting comments.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub before it is processed by the AI agent.
Audit Metadata