Skills
skills/holon-run/holon/github-issue-solve/Gen Agent Trust Hub

github-issue-solve

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources (GitHub issues and comments) to guide its implementation logic.
  • Ingestion points: Metadata and discussion are read from ${GITHUB_CONTEXT_DIR}/github/issue.json and ${GITHUB_CONTEXT_DIR}/github/comments.json in the 'Analyze Issue' phase.
  • Boundary markers: The skill lacks instructions or delimiters to distinguish between the agent's system instructions and the untrusted content from the issue reports.
  • Capability inventory: The agent has the authority to perform file system modifications, git operations (commit, push), and GitHub CLI actions (pr create, edit).
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from the GitHub API before it influences implementation steps.
  • [COMMAND_EXECUTION]: To fulfill its purpose, the skill directs the agent to "implement the feature or fix" and "run tests," which involves the execution of code changes derived from untrusted issue descriptions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 07:25 PM