update-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection as it ingests and processes untrusted data from external GitHub issues.
  - Ingestion points: Data enters the context via the `gh issue view` command and by reading files in the `.github/ISSUE_TEMPLATE/` directory.
  - Boundary markers: The instructions do not define clear delimiters or use "ignore embedded instructions" warnings when processing the issue body or templates.
  - Capability inventory: The skill uses `gh issue edit`, `gh issue view`, and `gh repo view`. These provide read/write access to repository issue data.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the issue before the LLM uses it to determine the next update steps.
- Command Execution (SAFE): The skill uses the `gh` (GitHub CLI) tool for its intended purpose. The commands are specific (`issue view`, `issue edit`, `repo view`) and do not involve arbitrary shell execution or piping from untrusted network sources.
Audit Metadata