bug-fix
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
- Ingestion points: The workflow retrieves untrusted external data via
gh issue viewinSKILL.mdand processes error logs usingGrep. - Boundary markers: There are no delimiters or specific instructions provided to isolate retrieved issue content from the agent's internal logic.
- Capability inventory: The skill possesses powerful tools including file modification (
Edit,Write) and command execution (Bash), which could be exploited if the agent follows instructions embedded in a malicious GitHub issue. - Sanitization: No sanitization, validation, or filtering logic is defined for the content retrieved from external sources before it is used to determine code changes.
Audit Metadata