Skills
skills/mindgames/skills/github-label-agent-issues/Gen Agent Trust Hub

github-label-agent-issues

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from GitHub issue titles and bodies to perform heuristic scoring and automated labeling.
  • Ingestion points: scripts/label_agent_issues.py fetches issue titles and bodies using the gh issue list command.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands are present when processing the issue data.
  • Capability inventory: The skill possesses the capability to create and apply labels, post comments with mentions, and assign milestones via the gh CLI.
  • Sanitization: There is no evidence of sanitization or escaping of issue content before it is used in heuristic calculations or interpolated into comments.
  • [COMMAND_EXECUTION]: The script performs automated actions using the gh and git command-line interfaces.
  • Evidence: scripts/label_agent_issues.py uses subprocess.run to execute commands such as gh label create, gh issue edit, and gh issue comment.
  • Context: While the script uses the safer list-of-arguments format for subprocess.run, the arguments are partially derived from untrusted issue data, which could lead to unexpected CLI behavior if not properly handled by the underlying tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:18 PM