branch
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git and GitHub CLI commands. It adheres to security best practices by using quoted heredocs (
<<'EOF') to prevent variable expansion and shell injection when creating temporary files for issue descriptions.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it incorporates external data from GitHub issues into its logic.\n - Ingestion points: Untrusted data from GitHub issue titles and labels are fetched via the
gh issue viewcommand.\n - Boundary markers: The skill does not define clear boundaries or provide instructions for the agent to treat this external metadata as potentially untrusted.\n
- Capability inventory: The agent can change repository state (
git switch), write to the local filesystem (mktemp), and interact with the GitHub API (gh issue edit,gh issue comment).\n - Sanitization: The workflow includes normalization rules for branch names (lowercase, punctuation removal), which mitigates some risks, but these are not consistently applied to all data outputs, such as when posting issue comments.
Audit Metadata