org-issues-tidy
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script at
~/.claude/scripts/org-issues-scan.shto aggregate data from GitHub. - [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh issue comment) to post automated responses to public or private repositories. - [PROMPT_INJECTION]: The skill includes a final instruction block labeled 'IMPORTANT' that directs the agent to automatically exit upon completion, which is a behavioral override for standalone execution contexts.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to how it processes external data.
- Ingestion points: Fetches issue titles, descriptions, and discussion threads from GitHub repositories into a JSON file (
/tmp/org-issues.json). - Boundary markers: The instructions lack specific delimiters or system-level warnings to the agent to treat the fetched GitHub content as untrusted data rather than instructions.
- Capability inventory: The skill possesses the ability to execute shell commands, read local configuration files (
CLAUDE.md), and write to GitHub repositories. - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from GitHub issues before it is used to generate bot comments.
Audit Metadata