address-github-issue

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves external, untrusted data from GitHub issues and provides it directly to sub-agents (PM and Developers) without using sanitization or boundary markers to prevent the agent from obeying instructions embedded in the issue content.
      • Ingestion points: GitHub issue title, body, and comments are fetched via gh issue view in SKILL.md (Step 3).
      • Boundary markers: Absent. The skill does not instruct the agent to wrap external content in delimiters or to ignore instructions contained within the fetched data (Steps 7 and 9).
      • Capability inventory: The spawned sub-agents are general-purpose and are explicitly instructed to explore the codebase, implement changes, and write/run tests, providing a high-impact target for injection.
      • Sanitization: None. Content is parsed from JSON and passed directly into the sub-agent prompts.
  • [COMMAND_EXECUTION]: The skill uses the gh CLI to interact with GitHub repositories. The instructions construct shell commands using variables derived from user input (e.g., <number> and <owner/repo>). While the agent is expected to fill these logically, the lack of explicit sanitization or validation instructions for these arguments presents a potential command injection surface if the input is maliciously crafted.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:41 AM