issue
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted content from GitHub issues.
- Ingestion points: The skill fetches issue data (title, body, labels) using the
gh issue viewcommand in both/issue lintand/issue enrichsubcommands. - Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings used when the agent processes or 'enriches' the fetched issue content.
- Capability inventory: The skill has the capability to modify remote repository state via
gh issue editand can spawn sub-agents (Codebase explorer, Web researcher) to perform tasks based on the untrusted input. - Sanitization: No sanitization, escaping, or validation of the external issue content is performed before it is used to prompt sub-agents or used to rewrite the issue body.
- [COMMAND_EXECUTION]: The skill executes system commands via the
gh(GitHub) CLI tool. While these commands are central to the skill's functionality, they provide a mechanism for the agent to modify external state (GitHub issues) based on data that may contain malicious instructions.
Audit Metadata