Skills
skills/illusion47586/isol8/issue-to-implementation/Gen Agent Trust Hub

issue-to-implementation

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it fetches and analyzes external data from GitHub issues to determine its actions.
  • Ingestion points: Issue details and comments are retrieved using the gh CLI in scripts/fetch_issue.sh and parsed in scripts/validate_bug.sh.
  • Boundary markers: The skill lacks instructions or delimiters to help the agent distinguish between its own system instructions and potentially malicious instructions embedded in the issue content.
  • Capability inventory: The agent can execute shell commands, manage git branches, commit code, and create pull requests, providing a significant impact if an injection is successful.
  • Sanitization: No sanitization or safety filtering is performed on the data fetched from GitHub before it is analyzed by the agent.- [COMMAND_EXECUTION]: The skill performs various automated repository operations using command-line tools.
  • Evidence: It uses git for branch and commit management, gh for GitHub API interactions, and bun or bunx for executing local tests and development tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 12:41 PM