scan-issues
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to retrieve issue data. This is an expected behavior for a tool designed to scan repositories. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It retrieves issue titles, labels, and other metadata from external repositories and asks the agent to analyze them for suitability.
- Ingestion points: External data enters the context via the
gh issue listcommand in Phase 1. - Boundary markers: The prompt does not provide clear delimiters or instructions to the agent to treat the issue content as untrusted data or to ignore any instructions embedded within the issue text.
- Capability inventory: While the skill itself focuses on analysis and reporting, the host agent (Claude Code) typically possesses capabilities like file modification and command execution which could be targeted if the analysis is compromised.
- Sanitization: There is no evidence of sanitization or validation of the fetched GitHub data before it is processed by the agent.
- [PROMPT_INJECTION]: The instructions include a directive labeled "IMPORTANT" to control the agent's lifecycle (automatically exiting). This is a flow-control instruction rather than a malicious attempt to bypass safety filters.
Audit Metadata