issue-triage
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Legitimate use of
ghCLI for repository management and system clipboard utilities (pbcopy,xclip,wl-copy) for user convenience. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from GitHub issues, presenting a potential injection surface.
- Ingestion points: Issue bodies and comments are ingested in Phase 1 and Phase 2 (SKILL.md).
- Boundary markers: Subagent prompts use formatting delimiters (headers and bold labels) to separate metadata from untrusted content (SKILL.md).
- Capability inventory: The skill can comment on, label, and close issues using the
ghCLI (SKILL.md). - Sanitization: Content is not sanitized, but the workflow requires mandatory human review and validation before any actions are executed, effectively mitigating the risk of automated exploitation.
Audit Metadata