triage-issue

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub issue titles and bodies, creating a surface for indirect prompt injection.
    • Ingestion points: Untrusted data enters the agent context through gh issue view (issue title, body, and author) in SKILL.md.
    • Boundary markers: The skill correctly identifies the risk of shell injection and mandates the use of the heredoc pattern for --body arguments to gh commands. However, it lacks explicit delimiters or instructions to the LLM to ignore embedded commands within the issue body itself.
    • Capability inventory: The skill possesses significant capabilities, including file system access (read/write), network operations via gh (commenting, creating PRs), and code execution via cargo.
    • Sanitization: No content-level sanitization or filtering is applied to the issue body before processing.
  • [COMMAND_EXECUTION]: The skill makes extensive use of powerful command-line tools to perform its tasks.
    • Evidence: It executes gh (GitHub CLI), git (version control), and cargo (Rust build tool/test runner).
    • Context: While these are necessary for issue triage, cargo test and cargo run can execute arbitrary code defined in the repository's tests or build.rs files. The skill assumes the repository being triaged is trusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:27 PM