tidy
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and jq to list, filter, and modify repository issues. This behavior is consistent with the skill's stated purpose of backlog hygiene.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon untrusted data from GitHub issues.
  1. Ingestion points: Issue titles and bodies are retrieved via gh issue list (SKILL.md, Process steps 3, 4, 5).
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided process.
  3. Capability inventory: The skill can execute gh issue close and gh issue edit based on its logic.
  4. Sanitization: No explicit content sanitization or validation is identified before the agent processes the retrieved issue data.
Audit Metadata