github-triage
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The 'Bug reproduction' section of the triage workflow explicitly instructs the agent to "run tests" and "execute commands" to confirm reported behaviors. This allows for the execution of arbitrary shell commands within the host environment.
- [REMOTE_CODE_EXECUTION]: The skill is designed to follow reproduction steps provided by external users in GitHub issues. If an issue reporter provides malicious code or scripts as part of a bug report, the agent would execute them, resulting in remote code execution from an untrusted source.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and acts upon untrusted data from GitHub issue bodies and comments.
  - Ingestion points: SKILL.md (Step 1: Gather context) specifies reading the full issue body and all comments.
  - Boundary markers: No delimiters or instructions to ignore embedded commands within the ingested data are present.
  - Capability inventory: The skill uses the `gh` CLI for labeling and commenting, and it has the capability to execute shell commands and run tests.
  - Sanitization: There is no mention of sanitizing or validating the content of issues or comments before they are processed by the agent.