ln-911-github-triager
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gh(GitHub CLI) tool within a Bash environment to fetch repository data. Commands are structured to perform read-only operations, such as listing issues and PRs or executing GraphQL queries. The arguments for these commands (owner and repo) are derived from local discovery files. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes untrusted data from GitHub issue titles, PR descriptions, and discussion comments.
- Ingestion points: Phase 1 fetches external data from GitHub issues, pull requests, and discussions.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard instructions potentially embedded in the fetched GitHub content.
- Capability inventory: The skill has
BashandReadcapabilities, though it is restricted by rule to read-only operations. - Sanitization: There is no evidence of sanitization or filtering of the external text before it is presented to the agent for classification or reporting.
Audit Metadata