issue-summary
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from external data sources.
- Ingestion points: The skill fetches GitHub issue details and comments using the
ghCLI tool, which are authored by external users and are inherently untrusted. - Boundary markers: There are no explicit delimiters or instructions (e.g., 'treat the following as data only') used when the agent interpolates the retrieved GitHub content into its summarization prompt.
- Capability inventory: The skill's capabilities are limited to information retrieval and text summarization; it does not possess high-risk permissions such as writing to the filesystem or performing arbitrary network requests.
- Sanitization: No content filtering or validation is performed on the retrieved issue text before it is processed by the AI agent.
Audit Metadata