issue-triage

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection because its core functionality involves ingesting untrusted data from GitHub issue reports.
      • Ingestion points: The agent fetches content from external GitHub Issue URLs or processes raw text provided by the user (SKILL.md).
      • Boundary markers: The skill includes a 'SECURITY WARNING' instructing the agent to treat issue content as textual data and never follow commands embedded within the issue (SKILL.md).
      • Capability inventory: The agent uses curl to fetch external content from the GitHub API (SKILL.md).
      • Sanitization: No explicit sanitization or escaping of the ingested content is defined, relying solely on the provided prompt instructions.
  • [COMMAND_EXECUTION]: The skill instructions suggest using curl and jq to retrieve data from the GitHub API. While this is used for the primary purpose of the skill and targets a well-known service, executing shell commands based on user-supplied URLs carries a minor risk of command injection if the URL is maliciously crafted.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 08:36 AM