github
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing a third-party GitHub CLI extension using the command
gh extension install agbiotech/gh-sub-issue. This downloads and installs code from a repository that is not part of the trusted vendors list or a well-known service. - [COMMAND_EXECUTION]: The skill utilizes several CLI tools including
gh,jq, andawkto process data and interact with GitHub APIs. While standard for this use case, these commands operate on data fetched from external sources. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources which could contain malicious instructions.
- Ingestion points: External data enters via
gh issue viewandgh apicalls that fetch issue bodies and PR comments (SKILL.md). - Boundary markers: None identified; external content is processed and formatted directly into shell commands or viewed by the agent.
- Capability inventory: The skill can create issues, post comments, and manage sub-issues (SKILL.md).
- Sanitization: Uses
jqfor structured JSON parsing, but the textual content of issues/comments is not sanitized before being presented to the agent context.
Audit Metadata