github-milestone-cycle-ops
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill ingests data from external sources including GitHub issue bodies, pull request descriptions, and project-specific markdown files like
PROJECT.mdandtasks.md. - Boundary markers: Absent. There are no explicit instructions to use delimiters or ignore embedded instructions when processing content from these external project sources.
- Capability inventory: The skill possesses the capability to modify GitHub state (milestones, issues, labels, and project boards) via the
ghCLI and can write reports to the local filesystem. - Sanitization: Absent. Content retrieved from GitHub is incorporated into issue specifications and planning reports without validation, filtering, or escaping.
Audit Metadata